Azure DevOps Pipelines
The Meterian Scanner Azure DevOps, available in the Azure DevOps Extensions Marketplace, adds an extra level of protection to your pipelines.
The native integration of Meterian in Azure DevOps can be completed in a few simple steps:
- Set the Meterian API Token, either:
- in a variables group
- as part of a pipeline
In order to work, the Meterian scanner requires a working version of Docker in the image used to run the pipeline.
The only pre-requisite is a Meterian API Token which can be obtained from
your paid subscription account's Meterian Dashboard. If you are using a free account and would like to upgrade, contact [email protected].
Setting the Meterian API Token in variables group
Select Library from the Pipelines menu and create a new Variable group. Then add
METERIAN_API_TOKEN (click on the lock icon to make it as secret variable).
Specify the variable group in the pipeline (Option A)
# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and mode:
# https://aka.ms/yaml
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
variables:
- group: meterian-team-variables
Setting the Meterian API Token as a pipeline variable (Option B)
- From the Pipeline editor, click on Variable in the top right corner
Add Meterian task to the pipeline
- In the Review section (or whenever editing the Pipeline) Click on "Show Assistant" and select "Meterian Scanner" from the list
- The Meterian task must be under "steps"
- Save the Pipeline
trigger:
- main
pool:
vmImage: 'ubuntu-latest'
variables:
- group: meterian-team-variables
steps:
- task: Meterian Scanner@0
It is possible to specify the Meterian CLI options and also to specify a custom working directory, neither of them is required.
steps:
- task: Meterian Scanner@0
inputs:
client_options: "--min-security=90"
working_directory: "$(Build.SourcesDirectory)/path/to/directory"
Last modified 2yr ago