Skip to content
| Marketplace
Sign in
Azure DevOps>Azure Pipelines>Qwiet preZero for Azure DevOps
Qwiet preZero for Azure DevOps

Qwiet preZero for Azure DevOps

Qwiet AI

qwiet.ai
|
37 installs
| (1) | Free
Qwiet preZero for Azure DevOps pipelines. View analysis and other reports right within the Azure DevOps pipeline build results.
Get it free

Qwiet preZero for Azure DevOps

Qwiet preZero for Azure DevOps is an extension for Azure DevOps Pipelines that displays Qwiet AI analysis results produced as part of an Azure DevOps Pipelines run.

Screen capture of Qwiet preZero for Azure DevOps demo

Configuration

Create a new variable group and variable:

  • Navigate to Pipelines and then Library
  • Create a new Variable group with name shiftleft-token
  • Add a SHIFTLEFT_ACCESS_TOKEN variable. Obtain a CI token from the Qwiet AI Organization integrations page
  • You can find additional details in the Azure Pipelines documentation

Update pipeline

Update an existing pipeline (e.g. azure-pipelines.yaml) or create a new one with the code below. Please note that this extension expects an artifact called QwietReports that contains files with the following names:

  • qwiet-analysis-output.json
  • qwiet-check-analysis-report.md
  • qwiet-bestfix-report.json
  • qwiet-sbom-report.json
variables:
- group: shiftleft-token

trigger:
- master
- feature/*

pool:
  vmImage: 'windows-latest'

stages:
- stage: Builders
  displayName: Qwiet preZero
  jobs:
  - job: Build
    displayName: Qwiet preZero analysis
    steps:
    - task: NuGetToolInstaller@1

    - task: PowerShell@2
      displayName: Download Qwiet preZero CLI
      inputs:
        targetType: 'inline'
        script: |
          Invoke-WebRequest -Uri 'https://cdn.shiftleft.io/download/sl-latest-windows-x64.zip' -OutFile $(Agent.HomeDirectory)\sl.zip
          Expand-Archive -Path $(Agent.HomeDirectory)\sl.zip -DestinationPath $(Agent.HomeDirectory)\

    - task: DotNetCoreCLI@2
      displayName: Restore web api
      inputs:
        command: 'restore'
        projects: '$(Build.SourcesDirectory)'

    - task: CmdLine@2
      displayName: Analyze code with Qwiet preZero
      inputs:
        script: |
          $(Agent.HomeDirectory)\sl.exe analyze --wait --app $(System.TeamProject) --tag branch=$(Build.SourceBranchName) --structured-output --structured-output-format JSON --structured-output-file-path qwiet-analysis-output.json --csharp vulnerable_asp_net_core.sln
        workingDirectory: '$(Build.SourcesDirectory)'
      env:
        SHIFTLEFT_ACCESS_TOKEN: $(SHIFTLEFT_ACCESS_TOKEN)

    - task: CmdLine@2
      displayName: Generate Qwiet preZero check-analysis report
      inputs:
        script: |
          $(Agent.HomeDirectory)\sl.exe check-analysis --v2 --no-build-rules --app $(System.TeamProject) --branch $(Build.SourceBranchName) --report-file qwiet-check-analysis-report.md
        workingDirectory: '$(Build.SourcesDirectory)'
      env:
        SHIFTLEFT_ACCESS_TOKEN: $(SHIFTLEFT_ACCESS_TOKEN)

    - task: CmdLine@2
      displayName: Download and setup Qwiet preZero integrations
      inputs:
        script: |
          git clone https://github.com/ShiftLeftSecurity/field-integrations.git report
          pip3 install -r report/shiftleft-utils/requirements.txt
        workingDirectory: '$(Build.SourcesDirectory)'

    - task: CmdLine@2
      displayName: Generate Qwiet preZero bestfix report
      inputs:
        script: |
          python3 report/shiftleft-utils/bestfix.py --no-logo -a $(System.TeamProject) -f json -o qwiet-bestfix-report.json -s .
        workingDirectory: '$(Build.SourcesDirectory)'
      env:
        SHIFTLEFT_ACCESS_TOKEN: $(SHIFTLEFT_ACCESS_TOKEN)
        CI: 1

    - task: CmdLine@2
      displayName: Generate Qwiet preZero SBOM report
      inputs:
        script: |
          python3 report/shiftleft-utils/sbom_report.py -a $(System.TeamProject) -o qwiet-sbom-report.json
        workingDirectory: '$(Build.SourcesDirectory)'
      env:
        SHIFTLEFT_ACCESS_TOKEN: $(SHIFTLEFT_ACCESS_TOKEN)
      
    - task: CopyFiles@2
      displayName: 'Copy Qwiet preZero reports to: $(Build.ArtifactStagingDirectory)'
      inputs:
        SourceFolder: '$(Build.SourcesDirectory)'
        Contents: |
          qwiet-analysis-output.json
          qwiet-check-analysis-report.md
          qwiet-bestfix-report.json
          qwiet-sbom-report.json
        TargetFolder: '$(Build.ArtifactStagingDirectory)'
      
    - task: PublishBuildArtifacts@1
      displayName: 'Publish Artifact: QwietReports'
      inputs:
        ArtifactName: QwietReports
        PathtoPublish: '$(Build.ArtifactStagingDirectory)'

About Qwiet AI

Qwiet AI, formerly ShiftLeft, reduces the noise inherent in the AppSec and DevSecOps space and allows developers to focus on high-fidelity results that have the greatest impact in their environment. Qwiet AI’s platform is the first in the industry to provide AI-driven detection and AutoFixes of zero-day and pre-zero-day vulnerabilities in code.

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft