Azure DevOps Pipelines

Last updated 1 year ago

The Meterian Scanner, available in the Azure DevOps Extensions Marketplace, adds an extra level of protection to your pipelines.

The native integration of Meterian in Azure DevOps can be completed in a few simple steps:

  • Install the extension from the Marketplace

  • Set the Meterian API Token, either:

    • in a variables group

    • as part of a pipeline

In order to work, the Meterian scanner requires a working version of Docker in the image used to run the pipeline.

The only prerequisite is a Meterian API Token, which can be obtained from your paid subscription account's Meterian Dashboard. If you are using a free account and would like to upgrade, contact support@meterian.io.

Setting the Meterian API Token in a variables group

Select Library from the Pipelines menu and create a new Variable group. Then add METERIAN_API_TOKEN (click on the lock icon to make it a secret variable).

Specify the variable group in the pipeline (Option A)

# Starter pipeline
# Start with a minimal pipeline that you can customize to build and deploy your code.
# Add steps that build, run tests, deploy, and more:
# https://aka.ms/yaml

trigger:
- main

pool:
 vmImage: 'ubuntu-latest'
    
variables:
- group: meterian-team-variables

Setting the Meterian API Token as a pipeline variable (Option B)

  • From the Pipeline editor, click on Variable in the top right corner

Add Meterian task to the pipeline

  • In the Review section (or whenever editing the Pipeline), click on "Show Assistant" and select "Meterian Scanner" from the list

  • The Meterian task must be under "steps"

  • Save the Pipeline

trigger:
- main

pool:
 vmImage: 'ubuntu-latest'
    
variables:
- group: meterian-team-variables

steps:
- task: Meterian Scanner@0

Specifying options

You can specify Meterian CLI options and a custom working directory; neither is required.

steps: 
- task: Meterian Scanner@0
  inputs:
    client_options: "--min-security=90"    
    working_directory: "$(Build.SourcesDirectory)/path/to/directory"

Dedicated instance setup

Should you need to perform a scan that targets your dedicated instance, you can override the defaults by adding the following environment variables to your pipeline's Meterian task:

| Name | Description |
| --- | --- |
| METERIAN_ENV | Set this variable to target the right subdomain of the site where your instance runs |
| METERIAN_PROTO | Set this variable to target the right HTTP protocol of the site where your instance runs |
| METERIAN_DOMAIN | Set this variable to target the right domain of the site where your instance runs |

Here is an example pipeline that performs a scan connecting to a dedicated instance located at https://mycompany.meterian.uk:

steps: 
- task: Meterian Scanner@0
  env:
    METERIAN_ENV: "mycompany"
    METERIAN_DOMAIN: "meterian.uk"

A working example pipeline can be found here.

You can also find a non-native integration for Azure DevOps Pipelines here.
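A preflight check for the dedicated-instance variables above, as an added example that is not Meterian's code: it validates METERIAN_PROTO, METERIAN_ENV and METERIAN_DOMAIN, builds the URL they resolve to, and confirms a token is present without printing it. The function names are hypothetical, the `proto://env.domain` composition and the https default are inferred from the example above, and rejecting `http` is this example's policy choice.

```shell
#!/bin/sh
# Added example, not Meterian code. Function names are hypothetical; the
# variable names are the ones documented on this page.

# Accept only DNS-style host strings: a-z, 0-9, '-' and '.'.
valid_host() (
  LC_ALL=C
  case "$1" in
    ''|*[!a-z0-9.-]*) exit 1 ;;            # empty, or any other byte (space, '/', '@', newline)
    -*|*-|.*|*.|*..*|*.-*|*-.*) exit 1 ;;  # malformed label boundaries
  esac
  exit 0
)

# Print the URL the three variables resolve to, or fail with a reason on stderr.
# Exit codes: 2 = bad protocol, 3 = bad or missing host part.
meterian_instance_url() (
  proto="${METERIAN_PROTO:-https}"  # assumption: https when unset, as in the page's example
  case "$proto" in
    https) ;;
    http) echo "METERIAN_PROTO=http would send the API token unencrypted" >&2; exit 2 ;;
    *)    echo "METERIAN_PROTO must be http or https" >&2; exit 2 ;;
  esac
  valid_host "${METERIAN_ENV:-}"    || { echo "METERIAN_ENV is missing or malformed" >&2; exit 3; }
  valid_host "${METERIAN_DOMAIN:-}" || { echo "METERIAN_DOMAIN is missing or malformed" >&2; exit 3; }
  printf '%s://%s.%s\n' "$proto" "$METERIAN_ENV" "$METERIAN_DOMAIN"
)

# Succeed only if a usable token is present; never prints the token itself.
meterian_token_present() (
  case "${METERIAN_API_TOKEN:-}" in
    '') echo "METERIAN_API_TOKEN is empty" >&2; exit 1 ;;
    # Azure Pipelines leaves $(NAME) as literal text when NAME is not defined.
    '$('*')') echo 'METERIAN_API_TOKEN is an unexpanded $(...) macro' >&2; exit 1 ;;
  esac
  exit 0
)
```

Azure Pipelines does not expose secret variables to script steps automatically, so map the token in that step's `env:` block before calling `meterian_token_present`.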