Coverity on Polaris for Azure DevOps

Invoke various Coverity on Polaris analysis options on your builds in Azure Pipelines.

The Coverity on Polaris plug-in for Azure DevOps enables you to invoke Coverity on Polaris analysis from your continuous integration (CI) pipeline builds in Azure DevOps, which result in a pass or fail for the build. The Coverity on Polaris plug-in for Azure works with Azure DevOps jobs in Azure Pipelines, which works to constantly and consistently test and build your code. This Coverity on Polaris plug-in enables you to invoke different Coverity on Polaris analysis options on your builds in Azure Pipelines and fails a build when there are one or more issues found in the scan results. When you commit code to a repository, a build can be triggered and the Coverity on Polaris scan returns a pass or fail status for that build.

Coverity on Polaris incremental analysis (LCA) in Azure Devops enables you to scan files (changeset) that represent the difference between the current build and the last successful build.

Note: The plug-in (extension) can only generate changeset files for projects that use Git as their version control system.
Coverity on Polaris plug-in

Users and roles

The following roles/permissions are required.
  • API token in Coverity on Polaris to use with the plug-in so that it can access a Coverity on Polaris instance.
  • Administrator permission in Azure to install the Coverity on Polaris plug-in.

Basic workflow

The following describes a high-level overview of the workflow.

  1. You commit code to a branch in your repository.
  2. You run a build on a local Microsoft build agent.
  3. The plug-in downloads and installs the Coverity on Polaris CLI and executes it using the Coverity on Polaris YAML file that you checked into the source repository. 
  4. The Coverity on Polaris CLI captures your code and sends it to Coverity on Polaris for analysis. A link to results in Coverity on Polaris is provided when you run the Coverity on Polaris command using the -w option.
  5. The plug-in can check for issues when the Coverity on Polaris task in finished and fails the build if issues are found.

Configuration overview

The following is an overview of the steps to set up the Coverity on Polaris plug-in.

  1. Create an organization and project in Azure.
  2. Install the Coverity on Polaris plug-in from the Visual Studio Marketplace.
  3. Create a self-hosted build agent. 
  4. Create a pipeline in your project.
  5. Add a project to your repository and include a Coverity on Polaris YAML file.
  6. Create a task in the pipeline to add the plug-in.
  7. Configure the plug-in by adding a new Coverity on Polaris service endpoint using the Coverity on Polaris instance URL, and API key.
  8. Add an agent job. If you've already created a self-hosted build agent, you can select it here. Otherwise, you can select the default option which is a Microsoft hosted agent.
  9. Queue or save and queue to run a build.
  10. View the results to check if the build passes or fails.
Here's an example of a build that fails because Coverity on Polaris finds issues.
Coverity on Polaris plug-in