You can configure the Veracode Azure DevOps Extension in Visual Studio to scan ASP.NET applications as part of your Azure DevOps build process.
Before you begin:
- You have precompiled your ASP.NET application and generated a PUBXML file according to the instructions in the packaging requirements. You can see an example .NET project that has a precompilation on line 25 in this example: https://github.com/veracode/verademo-dotnet/blob/main/azure-pipelines.yml.
- The Azure DevOps Build configuration task requires that you use Visual Studio as your integrated development environment.
To complete this task:
- Open the ASP.NET application in Visual Studio.
- Add the
veracode.pubxmlfile that contains Veracode-specific settings to the
- View the
veracode.pubxmlfile to verify your configuration. Veracode uses the information in this file to generate the necessary artifacts for scanning an application.
- Check in the changes to your repository.
- In TFS or Azure DevOps, open your Azure DevOps project.
- Select the Build tab and navigate to your build definition.
- Select the Build solution task.
- In the MSBuild Arguments field, enter the path of your application PUBXML file. For example,
- Complete the Azure DevOps build configuration for Static Analysis.