Scrutora Scan for Azure Pipelines
Offline, compliance-mapped code scanning for DPDPA, HIPAA, GDPR, PCI-DSS and RBI. No API key, no account, and your code never leaves the agent — the scan runs entirely inside a container on your build agent and writes standard SARIF v2.1.0.
Usage
steps:
- task: ScrutoraScan@1
inputs:
path: '.'
frameworks: 'dpdpa,hipaa'
failOn: 'high' # none | low | medium | high | critical
Findings are uploaded as the CodeAnalysisLogs artifact, so if you also install the free SARIF SAST Scans Tab extension they render on a build tab automatically.
Gate a build on findings
- task: ScrutoraScan@1
inputs:
frameworks: 'dpdpa,hipaa,pcidss'
failOn: 'critical' # fail the build on CRITICAL findings
| Input |
Default |
Description |
path |
. |
Directory or file to scan |
frameworks |
dpdpa |
Comma-separated frameworks (dpdpa,hipaa,gdpr,pcidss,…) |
failOn |
high |
Fail at or above this severity (none…critical) |
sarifFile |
scrutora.sarif |
SARIF output path |
publishArtifact |
true |
Publish SARIF as the CodeAnalysisLogs artifact |
Requirements
Runs on Microsoft-hosted ubuntu agents (Docker included) or any self-hosted agent with Docker.
Privacy
The scan is fully offline. No source code, findings, or telemetry are transmitted to Scrutora or any third party.
Learn more at scrutora.com · GitHub