CodeScan CloudUse the CodeScan build tasks in your build/release definitions to track bugs, code smells and vulnerabilities in Salesforce languages like Apex, VisualForce, Lightning, etc |
CodeScan Cloud enables your development team to deliver Clean Code consistently and efficiently by seamlessly integrating into your cloud DevOps platforms and extending your CI/CD workflow. This SaaS tool catches Security Vulnerabilities, Bugs, and Code Smells in your pull requests, branches, and throughout your repository, with more than 2 billion lines of code and 120,000+ active projects analyzed every week. You can start a no-commitment, 14-day trial of CodescanCloud for your private repositories completely free. No need to speak with a sales rep or request a license key - get automatic code analysis results on your private projects in minutes! CodescanCloud analysis is always free for open-source projects. You can create your free CodescanCloud account [here][signup]. This Azure DevOps extension provides build tasks that you can add in your build definition. You'll benefit from automated detection of bugs and vulnerabilities across all branches and Pull Requests. CodescanCloud explains all coding issues in details, giving you chance to fix your code before even merging and deploying, all the while learning best practices along the way. At project level, you'll also get a dedicated widget that tracks the overall health of your application. About the CodescanCloud Azure DevOps Marketplace ExtensionThis extension provides the following features:
Note that the above features are available for all Git repository providers in Azure DevOps: Azure Repos Git, Bitbucket Cloud or GitHub. Highlighted FeaturesSeamless Integration with .Net solutionsThe analysis of C# and VB. Net solution is really straightforward since it only requires adding the two Prepare Analysis Configuration and Run Code Analysis tasks to your build definition. Easy setup for Maven and Gradle projectsIf you're doing Java, analyzing your source code is also very easy. It only requires adding the Prepare Analysis Configuration task, and check the Run CodescanCloud Analysis option in the "Code Analysis" panel of the Maven or Gradle task. Branch and Pull Request analysisWhatever type of source repository you are analysing, when a build is run on a branch of your project, the extension automatically configures the analysis to be pushed to the relevant project branch on CodescanCloud:
If you configure your build definition as a build validation for pull requests of that project (this can be done on "Branch policies"), CodescanCloud will also analyze the code changes and decorate the pull request with comments and overall status so that you can merge with confidence:
Important note: to activate pull request decoration, you must specify a user token in the "General Settings > Pull Requests" administration page of your project in CodescanCloud. Quality Gate StatusIn a dashboard widgetYou can monitor the quality gate status of your projects in your favorite dashboard:
In Release Pipelines (Preview)You can check the quality gate status of a build as a pre-deployment gate in release pipelines. In the build summaryThe Publish Quality Gate Result task waits for the analysis report to be consumed by CodescanCloud in order to flag the build job with the Quality Gate status. The Quality Gate is a major, out-of-the-box feature of CodescanCloud. It provides the ability to know at each analysis whether an application passes or fails the release criteria. In other words it tells you at every analysis whether an application is ready for production "quality-wise". Example of a passing Quality Gate:
Example of a failing Quality Gate:
|
