Installation

Before using CodeAnt CI Scan in your Azure Pipelines, you need to install the CodeAnt extension from the Azure DevOps Marketplace:
  1. Go to the Azure DevOps Marketplace and search for “CodeAnt AI” or directly download from here
  2. Click Get it free
  3. Select your Azure DevOps organization
  4. Click Install
Once installed, the codeant-ci-scan task will be available in all pipelines across your organization.

Azure Pipelines Workflow

Add the following to your azure-pipelines.yml. It will trigger on every push to your target branch and kick off a CodeAnt analysis scan:
trigger:
  branches:
    include:
      - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - checkout: self

  - task: codeant-ci-scan@1
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
    displayName: 'CodeAnt CI Scan'

With Optional Parameters

You can customize the scan behavior with additional parameters:
steps:
  - checkout: self

  - task: codeant-ci-scan@1
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      includePaths: 'src/**/*.{js,ts}'
      excludePaths: '**/node_modules/**,**/dist/**'
      timeout: '300'
      pollInterval: '15'
      noWait: 'false'
    displayName: 'CodeAnt CI Scan'
Important:
  • In Project → Pipelines → Library, add a secret variable named ACCESS_TOKEN with your personal access token or repo token.

How it works

  1. Setup environment: The task automatically extracts organization, project, and repository information from Azure DevOps built-in variables.
  2. Download script: The task fetches the CI scan script (start_scan.sh) from the CodeAnt API endpoint.
  3. Trigger scan: The script initiates a CI scan for your commit, optionally waiting for results based on the noWait parameter.
  4. Pipeline feedback:
    • Success: Scan completes successfully (or is triggered in no-wait mode)
    • Failure: Scan fails or detects critical issues, blocking the build

Script Parameters

The start_scan.sh script accepts the following parameters:

Required Parameters

| Parameter | Flag | Description | Example |
|---|---|---|---|
| Access Token | -a, --access-token | Authentication token for CodeAnt API. Can be a Personal Access Token (PAT) or repository token | $(ACCESS_TOKEN) |
| Repository | -r, --repo | Repository name in organization/project/repository format | myorg/myproject/myrepo |
| Commit ID | -c, --commit-id | Git commit SHA to analyze | $(Build.SourceVersion) |
| Service | -s, --service | Git service provider | azuredevops, github, gitlab |

Optional Parameters

| Parameter | Flag | Default | Description | Example |
|---|---|---|---|---|
| Branch | -b, --branch | (empty) | Branch name for the analysis | main, develop |
| Include Files | -i, --include-files | (empty) | Glob patterns for files to include in analysis | "src/**/*.js" |
| Exclude Files | -e, --exclude-files | (empty) | Glob patterns for files to exclude from analysis | "**/test/**" |
| Polling Interval | -p, --polling-interval | 30 | Seconds between result polling attempts | 20 |
| Timeout | -t, --timeout | 300 | Maximum seconds to wait for results | 600 |
| No Wait | -n, --no-wait | false | Skip waiting for results, only trigger the scan | (flag only) |

Execution Time Considerations

⏱️ Performance Options:
  • With result waiting (default): ~7 minutes
    • Triggers scan and waits for complete analysis results
    • Includes both security and SCA (Software Composition Analysis) results
    • Best for comprehensive CI/CD pipelines where you need immediate feedback
  • With --no-wait flag: ~2 minutes
    • Only triggers the scan and returns immediately
    • Results can be fetched later or viewed in the CodeAnt dashboard
    • Ideal for faster CI runs or when results can be processed asynchronously

Example Configurations

Fast CI Mode (No Wait)

For quick pipeline runs where you don’t need immediate results:
steps:
  - checkout: self

  - task: codeant-ci-scan@1
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      noWait: 'true'
    displayName: 'CodeAnt CI Scan (Fast Mode)'

Comprehensive Analysis (Wait for Results)

For thorough analysis with complete results:
steps:
  - checkout: self

  - task: codeant-ci-scan@1
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      timeout: '600'
      pollInterval: '20'
      noWait: 'false'
    displayName: 'CodeAnt CI Scan (Full Results)'

Custom File Filtering

To scan only specific files or exclude certain paths:
steps:
  - checkout: self

  - task: codeant-ci-scan@1
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      includePaths: 'src/**/*.{js,ts}'
      excludePaths: '**/node_modules/**,**/dist/**,**/test/**'
      noWait: 'true'
    displayName: 'CodeAnt CI Scan (Filtered)'

Branch-Specific Configuration

Run different scan modes based on the branch:
steps:
  - checkout: self

  # Fast mode for feature branches
  - task: codeant-ci-scan@1
    condition: ne(variables['Build.SourceBranch'], 'refs/heads/main')
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      noWait: 'true'
    displayName: 'CodeAnt CI Scan (Feature Branch - Fast)'

  # Full analysis for main branch
  - task: codeant-ci-scan@1
    condition: eq(variables['Build.SourceBranch'], 'refs/heads/main')
    inputs:
      accessToken: $(ACCESS_TOKEN)
      baseUrl: 'https://api.codeant.ai'
      timeout: '600'
      noWait: 'false'
    displayName: 'CodeAnt CI Scan (Main Branch - Full)'

Best Practices

  1. Use fast mode for PRs: Set noWait: 'true' for pull request pipelines to keep them fast
  2. Full analysis for main: Use complete analysis (wait for results) on main/master branch merges
  3. Adjust timeouts: Increase timeout for larger repositories that take longer to analyze
  4. File filtering: Use include/exclude patterns to focus analysis on relevant code
  5. Keep tokens secure: Always use Azure DevOps Variable Groups or Pipeline Variables for tokens
  6. Monitor performance: Track scan times and optimize based on your repository size

Troubleshooting

Task not found

If you see “Task ‘codeant-ci-scan’ not found”:
  • Ensure the CodeAnt extension is installed in your Azure DevOps organization
  • Go to Organization Settings → Extensions to verify installation
  • Check that the extension is enabled for your project

Scan times out

If the scan takes longer than expected:
  • Increase the timeout using timeout: '600' (10 minutes) or higher
  • Check if the CodeAnt service is operational
  • Consider using noWait: 'true' for faster pipeline execution
  • Review your network connectivity to the CodeAnt API

Authentication failures

If you see “Access token invalid” or “ACCESS_TOKEN is required”:
  • Verify your ACCESS_TOKEN variable is correctly configured in Pipeline Variables or Variable Groups
  • Ensure the token has appropriate repository permissions
  • Check that the variable is marked as secret
  • Verify the token hasn’t expired

No results returned

If the scan completes but returns no results:
  • Check that CI scanning is enabled for your repository in CodeAnt
  • Verify the commit SHA is correct
  • Ensure your Azure DevOps organization has proper integration with CodeAnt
  • Check the CodeAnt dashboard to see if the scan was registered

Repository format issues

If you see “Invalid repository format” or “Required Azure DevOps variables not found”:
  • Verify that environment variables are being set correctly
  • Check that BUILD_REPOSITORY_NAME, BUILD_SOURCEVERSION, and SYSTEM_TEAMPROJECT are available
  • The task expects repository format: organization/project/repository
  • Add debugging by checking the task logs for environment variable values
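
A preflight check for the variables listed above, as an added example (not CodeAnt's task or script code): it assembles the organization/project/repository string, validates the commit SHA, and reports the token only as set or unset so debugging output never exposes it. Reading the organization from SYSTEM_COLLECTIONURI and the function names are assumptions; the page does not say how the task derives the organization.

```shell
#!/bin/sh
# Added example, not CodeAnt's code. Reading the organization from
# SYSTEM_COLLECTIONURI is an assumption; function names are hypothetical.

# https://dev.azure.com/myorg/ -> myorg
org_from_uri() {
  uri="${1%/}"
  case "$uri" in
    https://dev.azure.com/?*) printf '%s\n' "${uri#https://dev.azure.com/}" ;;
    *) return 1 ;;
  esac
}

# Join the three parts; an empty part or one containing "/" breaks the format.
build_repo_slug() {
  for part in "$1" "$2" "$3"; do
    case "$part" in ''|*/*) return 1 ;; esac
  done
  printf '%s/%s/%s\n' "$1" "$2" "$3"
}

# A Git Build.SourceVersion is a full 40-character lowercase hex SHA.
valid_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0123456789abcdef]*) return 1 ;; esac
}

# Check every prerequisite; the token is reported as set/unset, never printed.
preflight() {
  rc=0
  org=$(org_from_uri "${SYSTEM_COLLECTIONURI:-}") || { echo "bad SYSTEM_COLLECTIONURI" >&2; rc=1; }
  slug=$(build_repo_slug "$org" "${SYSTEM_TEAMPROJECT:-}" "${BUILD_REPOSITORY_NAME:-}") ||
    { echo "cannot build organization/project/repository" >&2; rc=1; }
  valid_sha "${BUILD_SOURCEVERSION:-}" || { echo "BUILD_SOURCEVERSION is not a full SHA" >&2; rc=1; }
  [ -n "${ACCESS_TOKEN:-}" ] || { echo "ACCESS_TOKEN is not set" >&2; rc=1; }
  [ "$rc" -eq 0 ] && echo "repo=$slug commit=$BUILD_SOURCEVERSION token=set"
  return "$rc"
}

# Outside a pipeline (TF_BUILD unset), fall back to constructed sample values.
if [ -z "${TF_BUILD:-}" ]; then
  SYSTEM_COLLECTIONURI='https://dev.azure.com/myorg/' SYSTEM_TEAMPROJECT='myproject'
  BUILD_REPOSITORY_NAME='myrepo' ACCESS_TOKEN='constructed-placeholder'
  BUILD_SOURCEVERSION='0123456789abcdef0123456789abcdef01234567'
fi
preflight
```

Run it as a script step before the scan task. Secret variables such as ACCESS_TOKEN reach a script's environment only when mapped explicitly under env: in that step.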

Windows compatibility issues

If running on Windows agents:
  • Ensure Git Bash or WSL is available on the agent
  • The task automatically detects Windows and uses bash for script execution
  • Consider using Linux agents (ubuntu-latest) for best compatibility

Advanced Configuration

Custom API Endpoint

If you’re using a self-hosted CodeAnt instance:
- task: codeant-ci-scan@1
  inputs:
    accessToken: $(ACCESS_TOKEN)
    baseUrl: 'https://your-codeant-instance.com'

Parallel Jobs

Run scans in parallel for different directories:
jobs:
  - job: ScanBackend
    steps:
      - task: codeant-ci-scan@1
        inputs:
          accessToken: $(ACCESS_TOKEN)
          baseUrl: 'https://api.codeant.ai'
          includePaths: 'backend/**'
        displayName: 'Scan Backend'

  - job: ScanFrontend
    steps:
      - task: codeant-ci-scan@1
        inputs:
          accessToken: $(ACCESS_TOKEN)
          baseUrl: 'https://api.codeant.ai'
          includePaths: 'frontend/**'
        displayName: 'Scan Frontend'

With CodeAnt CI Scan in place, every push will automatically trigger a comprehensive code analysis, helping you maintain high code quality and security standards in your Azure DevOps repositories.