Azure Pipelines Workflow

Add the following to your azure-pipelines.yml. This single step will fetch the scan helper script and trigger a CodeAnt analysis on every commit to your target branch:

trigger:
  branches:
    include:
      - main          # or your primary branch

pool:
  vmImage: 'ubuntu-latest'

variables:
  # Define ACCESS_TOKEN as a secret pipeline variable in your project settings
  - name: ACCESS_TOKEN
    value: $(ACCESS_TOKEN)

steps:
  - checkout: self

  - script: |
      # Stop at the first failing command so a failed download is never executed
      set -e

      echo "▶️  Downloading CodeAnt scan script…"
      # -f makes curl exit non-zero on an HTTP error instead of saving the error body
      curl -fsS -X GET "https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws/analysis/ci/scan/script/get" \
        --output start_scan.sh

      echo "🔒  Making script executable"
      chmod +x start_scan.sh

      echo "🔍  Running CodeAnt CI scan"
      bash start_scan.sh \
        -a "$(ACCESS_TOKEN)" \
        -r "$(Build.Repository.Name)" \
        -c "$(Build.SourceVersion)" \
        -s azuredevops \
        -i "" \
        -e ""
    displayName: 'Run CodeAnt CI scan'

Tip:

  • In Project → Pipelines → Library, add a secret variable named ACCESS_TOKEN with your personal or repo token.
  • Azure DevOps automatically provides $(Build.Repository.Name) (your repo slug) and $(Build.SourceVersion) (the commit SHA).

How It Works

  1. Download scan script: We curl the helper (start_scan.sh) from the CodeAnt CI endpoint.

  2. Make it executable: chmod +x so the script can run.

  3. Invoke the scan: The script sends your repo name, commit SHA, file-globs, and token to /analysis/ci/scan.

  4. Fail-fast on errors

    • Exits non-zero if the HTTP request isn’t a 2xx, causing the pipeline to fail.
    • Prints the JSON response on success so you can inspect scan IDs or metadata.

With this configured, every push to your target branch will automatically trigger a CodeAnt security and quality scan through your Azure DevOps pipeline.
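Steps 1 and 2 above download start_scan.sh and execute it in a job that also holds ACCESS_TOKEN, so whatever the endpoint returns runs with that token. The following is an added example, not part of CodeAnt's documentation or script: a shell gate that runs the downloaded file only if its SHA-256 matches a digest you pinned after reviewing a copy. The function names and the PINNED_SHA256 placeholder are assumptions.

```shell
# Added example (not CodeAnt's code): refuse to run a downloaded helper script
# unless it matches a digest pinned after review.
# PINNED_SHA256 is a placeholder; it is rejected until replaced with a real digest.
PINNED_SHA256="REPLACE_WITH_SHA256_OF_REVIEWED_SCRIPT"

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
# Uses sha256sum (Linux agents) and falls back to shasum (macOS agents).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned_script FILE EXPECTED
# Returns 0 on match, 1 on digest mismatch, 2 if FILE is missing or empty
# (for example a failed download), 3 if EXPECTED is not a 64-char hex digest.
verify_pinned_script() {
  local file expected actual
  file="$1"
  expected="$2"
  [ -s "$file" ] || { echo "refusing to run: $file is missing or empty" >&2; return 2; }
  printf '%s' "$expected" | grep -Eq '^[0-9a-fA-F]{64}$' \
    || { echo "refusing to run: pinned value is not a SHA-256 digest" >&2; return 3; }
  actual="$(sha256_of "$file")"
  expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run: $file digest $actual does not match the pin" >&2
    return 1
  fi
  return 0
}

# run_verified_scan FILE EXPECTED [ARGS...]
# Executes FILE with ARGS only after verification succeeds; otherwise returns
# the verifier's status without running anything.
run_verified_scan() {
  local file expected
  file="$1"
  expected="$2"
  shift 2
  verify_pinned_script "$file" "$expected" || return $?
  bash "$file" "$@"
}
```

In the pipeline step, call run_verified_scan start_scan.sh "$PINNED_SHA256" followed by the same -a/-r/-c/-s/-i/-e arguments in place of bash start_scan.sh. A digest mismatch after the script changes upstream fails the build until the new copy is reviewed and the pin is updated.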