Schedule scans in Azure DevOps
You can schedule scans for every organization in which the Azure DevOps Workflow Integration is installed.
Before you begin
Before you begin, you must have:
- Installed the Azure DevOps Workflow Integration for the organizations for which you want to schedule scans.
- In the Veracode Platform, the Administrator or Security Lead role.
To complete this task:
- In the Veracode Platform, select Repository Scan from the left menu. The Repository Scanning page opens.
- Select Azure, and then select Next. The Azure DevOps Service Account Configuration section opens.
- Select Schedule, and then select Next. The Configure Scan Schedules section opens.
- For the organization for which you want to schedule scans, select the action icon. The Schedule Settings window displays.
- In the Schedule Settings window, provide the following configuration:
  - Enable the scan schedule using the Enable Scheduling toggle button.
  - Select either On Specific Date or On Specific Day of Week, depending on when you want to schedule the scans.
    If you select On Specific Date, specify the day and the months for the scan schedule. For example, 23rd of January and April. If you select On Specific Day of Week, select the week, the day in the week, and the months for the scan schedule. For example, 3rd Friday of March and June.
  - Specify the Start Time for the scan along with the Timezone.
  - In Max Concurrent Repos to Scan, enter the maximum number of scans to run simultaneously. This helps load balancing and efficiency.
  - To apply this configuration to all the organizations in which the Azure DevOps Workflow Integration is installed, select Apply the above configuration across all organizations.
- Select Save to exit the Schedule Settings window. In the Configure Scan Schedules page, see the schedule updated for the selected organization.
- If required, update the schedule for other organizations in the Configure Scan Schedules page using steps 4 and 5.
- Finally, select Apply to save and apply the updates made to the schedule for the organizations.
Disable scan schedule
You can disable the schedule for one or more organizations.
To complete this task:
- In the Veracode Platform, select Repository Scan from the left menu. The Repository Scanning page opens.
- Select Azure, and then select Next. The Azure DevOps Service Account Configuration page opens.
- Select Schedule, and then select Next. The Configure Scan Schedules page opens.
- For the organization for which you want to disable the scan schedule, select the action icon. The Schedule Settings window displays.
- Disable the scan schedule using the Enable Scheduling toggle button.
- To disable the scan schedule for all the organizations in which the Azure DevOps Workflow Integration is installed, select Apply the above configuration across all organizations.
- Select Save to exit the Schedule Settings window.
- Finally, select Apply to save and apply the updates.
Schedule specifications and behavior
- You can schedule static, SCA, and IaC scans.
- When a scan runs for more than two hours, it is considered stalled and is terminated to allow other repositories in the queue to be scanned.
- If the scheduled day is invalid for a month, the nearest earlier day of that month is used. For example, if the day is February 30 or 31 in a leap year, February 29 is used as the day for the scan schedule.
- If Max Concurrent Repos to Scan is more than the number of runners, the value provided in Max Concurrent Repos to Scan is used. For example, if Max Concurrent Repos to Scan is 20 when only 10 runners are available, 10 repositories are scanned simultaneously, while the remaining repositories are marked as pending.
- The lowest and highest values allowed for Max Concurrent Repos to Scan are one and 999, respectively.
- If you add a new repository to an organization, the system includes it in the same month's scan cycle if the organization has turned on a scan schedule.
- If a scan is scheduled for a past date in the current month, a scan for all the repositories in the corresponding organization is queued immediately, regardless of the date.
- If a scan is scheduled for a future date in the current month, only the repositories that were not scanned in the current month are scanned on that future date.
- Scans can be triggered up to 9 minutes after the specified start time.
- If a scheduled scan fails for a repository, the system proceeds to scan the next repository and does not retry the failed scan. An error message is recorded for the failed scan. Repositories for which a scan has failed are not scanned again in the same schedule. They are included in the next schedule.
- The behavior of a scheduled scan is based on the configurations specified in the veracode.yml file. The following parameters determine whether a policy or pipeline scan runs, apart from SCA and IaC.

  | veracode.yml parameter | Scan scheduled |
  | --- | --- |
  | veracode_static_scan:push:trigger: true | SAST pipeline scan |
  | analysis_on_platform: true | SAST policy scan |
  | veracode_sca_scan:push:trigger: true | SCA scan |
  | veracode_iac_secrets_scan:push:trigger: true | IaC scan |
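The date rules in the list above (fallback for an invalid day, the "3rd Friday" style of schedule, and the past-date and future-date queueing rules) can be checked ahead of time with a small model. This is an added example, not Veracode code; the function names are hypothetical, and the handling of a week that does not exist in a month and of a schedule set for the current day are assumptions, because the page does not describe them.

```python
import calendar
from datetime import date

def specific_date(year, month, day):
    """On Specific Date: an invalid day falls back to the nearest
    earlier day of that month (for example, 30 February -> 29 February)."""
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(day, last_day))

def specific_weekday(year, month, week, weekday):
    """On Specific Day of Week: week=3, weekday=calendar.FRIDAY
    resolves to the 3rd Friday of the month."""
    first_weekday, last_day = calendar.monthrange(year, month)
    day = 1 + (weekday - first_weekday) % 7 + 7 * (week - 1)
    if day > last_day:
        # Assumption: the page does not say what happens in this case.
        raise ValueError("no such weekday occurrence in this month")
    return date(year, month, day)

def year_plan(year, months, day):
    """All resolved On Specific Date run dates for the selected months."""
    return [specific_date(year, m, day) for m in sorted(months)]

def repos_to_queue(scheduled, today, repos, scanned_this_month):
    """Repositories affected when a schedule is saved on `today`
    for a date in the current month."""
    if (scheduled.year, scheduled.month) != (today.year, today.month):
        return []  # not a current-month schedule; nothing queued now
    if scheduled < today:
        # Past date in the current month: every repository is queued
        # immediately, regardless of the date.
        return list(repos)
    # Future date (assumption: the current day is treated the same way):
    # only repositories not yet scanned this month run on that date.
    return [r for r in repos if r not in scanned_this_month]

if __name__ == "__main__":
    # Constructed sample: day 31 selected for February, April and July 2024.
    for run in year_plan(2024, [2, 4, 7], 31):
        print(run.isoformat())
    print(specific_weekday(2025, 3, 3, calendar.FRIDAY).isoformat())
    print(repos_to_queue(date(2025, 3, 21), date(2025, 3, 15),
                         ["api", "web", "infra"], {"api"}))
```
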