Cycode Security Scan

Aaron Butler - Cycode

Run Cycode security scans (SAST, SCA, Secrets, IaC) and view results as a dedicated build results tab.

Cycode Security Scan — Azure DevOps Extension

Integrate Cycode security scanning into your Azure Pipelines with two pipeline tasks and a dedicated build results tab.


Tasks

Cycode Security Scan (cycodescan)

Runs the Cycode CLI on your repository and publishes an interactive HTML report as a new Cycode Scan Results tab in the build results view.

Features:

  • Installs the Cycode CLI automatically if not present (requires Python 3 + pip on the agent)
  • Supports all scan types: SAST, SCA, Secrets, and IaC — individually or all at once
  • Rich, filterable HTML report attached directly to the build
  • Configurable severity threshold for pipeline gating
  • Works on Linux and Windows hosted/self-hosted agents

Example usage:

- task: cycodescan@0
  displayName: 'Cycode Security Scan'
  inputs:
    CycodeClientID: $(CycodeClientID)
    CycodeClientSecret: $(CycodeClientSecret)
    scanPath: $(Build.SourcesDirectory)
    scanType: sast
    severityThreshold: High
    breakPipeline: true

Cycode API Gate (cycodeapigate)

Queries the Cycode Risk Intelligence Graph (RIG) for Open violations already triaged on the platform and fails the pipeline if any match. No CLI installation required — uses the Cycode REST API directly.

Features:

  • Filters by severity, scan category, and minimum risk score
  • Outputs the top 20 matching violations to the build log
  • Detects when the result set exceeds the 200-item page cap

Example usage:

- task: cycodeapigate@0
  displayName: 'Cycode API Gate'
  inputs:
    CycodeClientID: $(CycodeClientID)
    CycodeClientSecret: $(CycodeClientSecret)
    repoName: my-service
    severityMin: High
    category: SAST
    breakPipeline: true
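
As an added illustration (not the extension's own code), the gate decision described above can be sketched in JavaScript over one constructed page of results. The record field names, the severity ladder and the function names are assumptions; the 200-item cap and the top-20 limit come from the task description.

```javascript
// Added illustration; not the extension's source. Field names (status, severity,
// category, riskScore) and the severity ladder are assumptions for this sketch.
const SEVERITY_RANK = { Info: 0, Low: 1, Medium: 2, High: 3, Critical: 4 };
const PAGE_CAP = 200;  // page cap stated in the task description
const LOG_LIMIT = 20;  // the task logs the top 20 matches

function evaluateGate(page, { severityMin, category, minRiskScore = 0, breakPipeline = true }) {
  const floor = SEVERITY_RANK[severityMin];
  if (floor === undefined) {
    // Fail closed: a mistyped threshold must not silently disable the gate.
    throw new Error(`unknown severityMin: ${severityMin}`);
  }
  const matches = page.filter((v) =>
    v.status === 'Open' &&
    (SEVERITY_RANK[v.severity] ?? -1) >= floor &&
    (!category || v.category === category) &&
    v.riskScore >= minRiskScore);

  // Highest severity first, then highest risk score.
  matches.sort((a, b) =>
    SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity] || b.riskScore - a.riskScore);

  return {
    matchCount: matches.length,
    // A full page means more results may exist, so matchCount is a lower bound.
    truncated: page.length >= PAGE_CAP,
    top: matches.slice(0, LOG_LIMIT),
    failed: breakPipeline && matches.length > 0,
  };
}

// Constructed sample data: 200 records, 25 of them Open, High or Critical, SAST.
function samplePage() {
  const page = [];
  for (let i = 0; i < PAGE_CAP; i++) {
    const hit = i < 25;
    page.push({
      id: `sample-${i}`,
      status: i % 50 === 49 ? 'Dismissed' : 'Open',
      severity: hit ? (i < 3 ? 'Critical' : 'High') : 'Medium',
      category: i % 2 === 0 || hit ? 'SAST' : 'SCA',
      riskScore: i % 100,
    });
  }
  return page;
}
```

When `truncated` is true the match count is only a lower bound, so a passing gate on a full page should be treated as inconclusive rather than clean.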

Credentials

Both tasks require a Cycode API Client ID and Client Secret. Generate these in the Cycode Console under Settings → API Tokens. Store them as secret pipeline variables — they are passed as environment variables and never appear in logs.


Requirements

| Task | Agent requirement |
|---|---|
| cycodescan | Python 3 + pip (auto-installs Cycode CLI if missing) |
| cycodeapigate | None (uses built-in HTTPS) |

Both tasks support Node 22 execution on Azure Pipelines hosted agents (Ubuntu, Windows, macOS).
