You can configure the Veracode Azure DevOps Extension in Visual Studio to scan ASP.NET applications as part of your Azure DevOps build process.
Before You Begin
- You have precompiled your ASP.NET application and generated a PUBXML file according to the instructions in the Veracode Packaging Requirements. You can see an example .NET project that has a precompilation on line 25 in this example: https://github.com/veracode/verademo-dotnet/blob/main/azure-pipelines.yml.
- The Azure DevOps Build configuration task requires that you use Visual Studio as your integrated development environment.
Open the ASP.NET application in Visual Studio.
Add the veracode.pubxml file that contains Veracode-specific settings to the
veracode.pubxmlfile to verify your configuration.
Veracode uses the information in this file to generate the necessary artifacts for scanning an application.
Check in the changes to your repository.
In TFS or Azure DevOps, open your Azure DevOps project.
Select the Build tab and navigate to your build definition.
Select the Build solution task.
In the MSBuild Arguments field, enter the path of your application PUBXML file. For example,
Perform the standard Azure DevOps build configuration steps.