Azure Pipelines Workflow

Add the following to your azure-pipelines.yml. This single step will fetch the scan helper script and trigger a CodeAnt analysis on every commit to your target branch:
trigger:
  branches:
    include:
      - azure-pipelinesscantest

pool:
  vmImage: 'ubuntu-latest'

steps:
  - checkout: self
  
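  - bash: |
      # Stop on the first failed command, including a failed download
      set -eo pipefail

      echo "▶️  Downloading CodeAnt scan script…"
      # -f makes curl exit non-zero on an HTTP error instead of saving the error body as the script
      curl -fsS "https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws/analysis/ci/scan/script/get" \
        --output start_scan.sh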
      
      echo "🔒  Making script executable"
      chmod +x start_scan.sh
      
      ORG=$(echo "$SYSTEM_COLLECTIONURI" | sed -E 's|https://dev.azure.com/([^/]+)/|\1|')
      PROJECT="$SYSTEM_TEAMPROJECT"
      REPO="$BUILD_REPOSITORY_NAME"
      FULL_REPO="${ORG}/${PROJECT}/${REPO}"
      
      echo "📊 Debug Info:"
      echo "  Organization: $ORG"
      echo "  Project: $PROJECT"
      echo "  Repository: $REPO"
      echo "  Full Repo: $FULL_REPO"
      echo "  Commit: $(Build.SourceVersion)"
      echo "  Branch: $(Build.SourceBranchName)"
      
      if [ -z "$ACCESS_TOKEN" ]; then
        echo "❌ ERROR: ACCESS_TOKEN is not set!"
        exit 1
      fi
      
      echo "🔍  Running CodeAnt CI scan"
      bash start_scan.sh \
        -a "$ACCESS_TOKEN" \
        -r "$FULL_REPO" \
        -c "$(Build.SourceVersion)" \
        -b "$(Build.SourceBranchName)" \
        -s azuredevops \
        -i "" \
        -e ""
    displayName: 'Run CodeAnt CI scan'
    env:
      ACCESS_TOKEN: $(ACCESS_TOKEN)
Tip:
  • In Project → Pipelines → Library, add a secret variable named ACCESS_TOKEN with your personal or repo token.
  • Azure DevOps automatically provides $(Build.Repository.Name) (your repo slug) and $(Build.SourceVersion) (the commit SHA).

How It Works

  1. Download scan script: We curl the helper (start_scan.sh) from the CodeAnt CI endpoint.
  2. Make it executable: chmod +x so the script can run.
  3. Invoke the scan: The script sends your repo name, commit SHA, file-globs, and token to /analysis/ci/scan.
  4. Fail-fast on errors
    • Exits non-zero if the HTTP request isn’t a 2xx, causing the pipeline to fail.
    • Prints the JSON response on success so you can inspect scan IDs or metadata.
With this configured, every push to the target branch in Azure DevOps will automatically trigger a CodeAnt security and quality scan.
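
Steps 1 and 2 execute a script fetched at build time inside a step that holds ACCESS_TOKEN, so whatever the endpoint returns runs with that secret. As an added example (not part of CodeAnt's script or documentation), the following pins the helper to a SHA-256 digest recorded after reviewing it; `CODEANT_SCRIPT_URL`, `EXPECTED_SHA256`, and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not CodeAnt's code: run start_scan.sh only if it matches a pinned SHA-256.
# CODEANT_SCRIPT_URL and EXPECTED_SHA256 are hypothetical pipeline variables.

# Print the lowercase hex SHA-256 of a file (sha256sum on Linux agents, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Return 0 if FILE is non-empty and matches the pin, 1 on mismatch, 2 on a malformed pin.
verify_script() {
  local file="$1" expected actual
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case "$expected" in
    *[!0-9a-f]*|'') echo "pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
  [ -s "$file" ] || { echo "script missing or empty: $file" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch: got $actual" >&2
    return 1
  fi
}

# Download to a temp file, verify it, and only then install it as DEST.
fetch_verified() {
  local url="$1" dest="$2" pin="$3" tmp
  tmp=$(mktemp) || return 1
  # -f: fail on HTTP errors instead of saving the error body as the script.
  if curl -fsS "$url" --output "$tmp" && verify_script "$tmp" "$pin"; then
    mv "$tmp" "$dest" && chmod +x "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Pipeline usage; skipped unless both hypothetical variables are set.
if [ -n "${CODEANT_SCRIPT_URL:-}" ] && [ -n "${EXPECTED_SHA256:-}" ]; then
  fetch_verified "$CODEANT_SCRIPT_URL" start_scan.sh "$EXPECTED_SHA256" || exit 1
fi
```

The pinned digest has to be updated whenever a new version of the helper is adopted; until then a changed script fails the build before it is run with the token.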