AdvancedSecurity-Codeql-Analyze@1 - Advanced Security Perform CodeQL analysis v1 task
Analyzes the code in an Azure Repos Git repository to find security vulnerabilities and coding errors. You must have GitHub Advanced Security for Azure DevOps enabled for the repository being scanned.
Syntax
# Advanced Security Perform CodeQL analysis v1
# Finalizes the CodeQL database and runs the analysis queries.
- task: AdvancedSecurity-Codeql-Analyze@1
  inputs:
    #WaitForProcessing: false # boolean. Enable Wait for Processing. Default: false.
    #WaitForProcessingInterval: '5' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Time Interval. Default: 5.
    #WaitForProcessingTimeout: '120' # string. Optional. Use when WaitForProcessing = true. Wait for Processing Timeout. Default: 120.
Inputs
WaitForProcessing - Enable Wait for Processing
boolean. Default value: false.
Wait for Advanced Security to process published SARIF file before completing.
WaitForProcessingInterval - Wait for Processing Time Interval
string. Optional. Use when WaitForProcessing = true. Default value: 5.
Time, in seconds, to wait between each call to Advanced Security to check SARIF processing status.
WaitForProcessingTimeout - Wait for Processing Timeout
string. Optional. Use when WaitForProcessing = true. Default value: 120.
Time, in seconds, to wait for Advanced Security to process SARIF file before completing.
Task control options
All tasks have control options in addition to their task inputs. For more information, see Control options and common task properties.
Output variables
None.
Remarks
Important
This task is supported with Azure Repos Git repositories only.
Prerequisites
For the task to successfully complete and populate the Advanced Security tab for the scanned repository, Advanced Security must be enabled for that repository prior to running a build with the dependency scanning task included.
The task is available to run on self-hosted agents as well as Microsoft-hosted agents. For self-hosted agents, see additional self-hosted agent set-up instructions.
The pipeline must call the tasks in the following order.
- Initialize CodeQL
- AutoBuild (or your custom build tasks)
- Perform CodeQL analysis
The AutoBuild task is optional and may be replaced with your custom build tasks. Either AutoBuild or your custom build tasks must be run for your project to be analyzed.
The analysis task must appear after the initialize task for successful completion.
# Initialize CodeQL database
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    languages: 'csharp'
  displayName: 'Advanced Security Initialize CodeQL'
# Build project using Autobuild or your own custom build steps
- task: AdvancedSecurity-Codeql-Autobuild@1
  displayName: 'Advanced Security Autobuild'
# Run analysis
- task: AdvancedSecurity-Codeql-Analyze@1
  displayName: 'Advanced Security Code Scanning'
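The ordering rule above can be enforced before a pipeline change is merged. The following Python lint is an added example, not part of the original documentation or of the task itself; `check_pipeline`, its regular expressions and the sample pipeline are hypothetical, and it assumes a single job whose steps are written one per line rather than parsing full YAML.

```python
import re

INIT = "AdvancedSecurity-Codeql-Init"
ANALYZE = "AdvancedSecurity-Codeql-Analyze"
# Assumption: one job whose steps are written one per line as "- task: Name@N" or "- script: ...".
STEP_RE = re.compile(r"^\s*-\s*(task|script|bash|powershell|pwsh)\s*:\s*(\S*)")
INPUT_RE = re.compile(r"^\s*(WaitForProcessing\w*)\s*:\s*['\"]?([^'\"#\s]+)")

def check_pipeline(yaml_text):
    """Return the ordering and input problems found in a list of steps."""
    steps, wait_inputs = [], {}
    for line in yaml_text.splitlines():
        if line.lstrip().startswith("#"):      # skip comments and commented-out inputs
            continue
        m = STEP_RE.match(line)
        if m:
            kind, name = m.groups()
            steps.append(name.split("@")[0] if kind == "task" else kind)
        elif steps and steps[-1] == ANALYZE:   # inputs belonging to the Analyze task
            m = INPUT_RE.match(line)
            if m:
                wait_inputs[m.group(1)] = m.group(2)
    if ANALYZE not in steps:
        return ["no Perform CodeQL analysis task found"]
    problems = []
    a = steps.index(ANALYZE)
    if INIT not in steps[:a]:
        problems.append("Initialize CodeQL must run before Perform CodeQL analysis")
    elif a - steps.index(INIT) < 2:
        problems.append("no AutoBuild or custom build step between Init and Analyze")
    # The interval and timeout inputs are used only when WaitForProcessing = true.
    tuned = [k for k in wait_inputs if k != "WaitForProcessing"]
    if tuned and wait_inputs.get("WaitForProcessing", "false").lower() != "true":
        problems.append("interval/timeout set while WaitForProcessing is not true")
    return problems

# Constructed sample: build step missing, timeout set without enabling the wait.
BAD = """\
- task: AdvancedSecurity-Codeql-Init@1
  inputs:
    languages: 'csharp'
- task: AdvancedSecurity-Codeql-Analyze@1
  inputs:
    WaitForProcessingTimeout: '300'
"""

if __name__ == "__main__":
    for problem in check_pipeline(BAD):
        print("FAIL:", problem)
```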
Requirements
Requirement | Description |
---|---|
Pipeline types | YAML, Classic build, Classic release |
Runs on | Agent, DeploymentGroup |
Demands | None |
Capabilities | This task does not satisfy any demands for subsequent tasks in the job. |
Command restrictions | Any |
Settable variables | Any |
Agent version | All supported agent versions. |
Task category | Build |