Our website uses cookies to enhance your browsing experience.
Accept
to the top
Home
>
Documentation
>
Running PVS-Studio in Azure DevOps
menu mobile close menu
Introduction
How to enter the PVS-Studio license and what's the next move
PVS-Studio's trial mode
System requirements
Technologies used in PVS-Studio
Release history
Release history for previous versions (before 7.00)
Analyzing projects
On Windows
Getting acquainted with the PVS-Studio static code analyzer on Windows
Build-system independent analysis (C and C++)
Direct integration of the analyzer into build automation systems (C and C++)
On Linux and macOS
PVS-Studio C# installation on Linux and macOS
How to run PVS-Studio C# on Linux and macOS
Installing and updating PVS-Studio C++ on Linux
Installing and updating PVS-Studio C++ on macOS
How to run PVS-Studio C++ on Linux and macOS
Cross-platform
Direct use of Java analyzer from command line
Cross-platform analysis of C and C++ projects in PVS-Studio
PVS-Studio for embedded development
Analysis of C and C++ projects based on JSON Compilation Database
IDE
Get started with PVS-Studio in Visual Studio
Using PVS-Studio with JetBrains Rider and CLion
How to use the PVS-Studio extension for Qt Creator
How to integrate PVS-Studio in Qt Creator without the PVS-Studio plugin
Using the PVS-Studio extension for Visual Studio Code
Using PVS-Studio with IntelliJ IDEA and Android Studio
Build systems
Analyzing Visual Studio / MSBuild / .NET projects from the command line using PVS-Studio
Using PVS-Studio with the CMake module
Integrating PVS-Studio Java into the Gradle build system
Integrating PVS-Studio Java into the Maven build system
Game Engines
How to analyze Unity projects with PVS-Studio
Analysis of Unreal Engine projects
Continuous use of the analyzer in software development
Running PVS-Studio in Docker
Running PVS-Studio in Jenkins
Running PVS-Studio in TeamCity
How to upload analysis results to Jira
PVS-Studio and continuous integration
PVS-Studio's incremental analysis mode
Analyzing commits and pull requests
Unattended deployment of PVS-Studio
Speeding up the analysis of C and C++ code through distributed build systems (Incredibuild)
Integrating of PVS-Studio analysis results in code quality services (web dashboard)
Integration of PVS-Studio analysis results into DefectDojo
Integration of PVS-Studio analysis results into SonarQube
Integration of PVS-Studio analysis results into CodeChecker
Deploying the analyzer in cloud Continuous Integration services
Using with Travis CI
Using with CircleCI
Using with GitLab CI/CD
Using with GitHub Actions
Using with Azure DevOps
Using with AppVeyor
Using with Buddy
Managing analysis results
How to display the analyzer's most interesting warnings
How to use the OWASP diagnostic group in PVS-Studio
MISRA Coding Standards and Compliance
Baselining analysis results (suppressing warnings for existing code)
Handling the diagnostic messages list in Visual Studio
Suppression of false-positive warnings
How to view and convert analyzer's results
Relative paths in PVS-Studio log files
Viewing analysis results with C and C++ Compiler Monitoring UI
Notifying the developer teams (blame-notifier utility)
Filtering and handling the analyzer output through diagnostic configuration files (.pvsconfig)
Excluding files and directories from analysis
Additional configuration and resolving issues
Tips on speeding up PVS-Studio
PVS-Studio: troubleshooting
Additional diagnostics configuration
User annotation mechanism in JSON format
Annotating C and C++ entities in JSON format
Annotating C# entities in JSON format
Predefined PVS_STUDIO macro
Analysis configuration file (Settings.xml)
Settings: general
Settings: Common Analyzer Settings
Settings: Detectable Errors
Settings: Don't Check Files
Settings: Keyword Message Filtering
Settings: Registration
Settings: Specific Analyzer Settings
Analyzer diagnostics
PVS-Studio Messages
General Analysis (C++)
General Analysis (C#)
General Analysis (Java)
Micro-Optimizations (C++)
Micro-Optimizations (C#)
Diagnosis of 64-bit errors (Viva64, C++)
Customer specific requests (C++)
MISRA errors
AUTOSAR errors
OWASP errors (C++)
OWASP errors (C#)
OWASP errors (Java)
Problems related to code analyzer
Additional information
Credits and acknowledgements
toggle menu Contents
Apr 06 2021

Running PVS-Studio in Azure DevOps

Apr 06 2021

Azure DevOps is a cloud platform that helps developers write and run applications, and stores data on remote servers. The platform contains the following tools: Azure Pipeline, Azure Board, Azure Artifacts, and others. They speed up development and improve code quality.

This documentation describes an example of the PVS-Studio integration for analyzing C# code. The commands to run PVS-Studio for analyzing C, C++ or Java code will be different. Please consult the following documentation sections: "Cross-platform analysis of C and C++ projects in PVS-Studio" and "Direct use of Java analyzer from command line".

In this tutorial we'll integrate analysis into a project's build.

Go to 'Pipelines -> Builds' and create a new Build pipeline.

Specify the project's source. For example, GitHub.

Authorize the Azure Pipelines application and specify the repository that contains the project.

Choose 'Starter pipeline' as the pipeline template.

To run static code analysis, you can use a Microsoft-hosted or self-hosted agent.

Use a Microsoft-hosted agent

Microsoft-hosted agents are regular virtual machines. You can request one to run a Pipeline. The virtual machine is automatically discarded after the task is completed. These agents are convenient because you do not need to maintain or update them.

Replace the default build configuration with the following code:

# Configure launch triggers. Run only for changes in the master branch.
trigger:
- master

# Since virtual machines do not allow third-party software,
# run a Docker container
# on a Windows Server 1803 virtual machine.
pool:
  vmImage: 'win1803'
container: microsoft/dotnet-framework:4.7.2-sdk-windowsservercore-1803

steps:
# Download the analyzer distribution.
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: 'Invoke-WebRequest 
               -Uri https://files.pvs-studio.com/PVS-Studio_setup.exe 
               -OutFile PVS-Studio_setup.exe'
- task: CmdLine@2
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: |
# Restore the project and download dependencies.
      nuget restore .\ShareX.sln
# Create a directory for analyzer report files.
      md .\PVSTestResults
# Install the analyzer.
      PVS-Studio_setup.exe /VERYSILENT /SUPPRESSMSGBOXES 
                           /NORESTART /COMPONENTS=Core
# Register license information.
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" 
          credentials 
          -u $(PVS_USERNAME) 
          -n $(PVS_KEY)
# Run PVS-Studio analysis.
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" 
         -t .\ShareX.sln  
         -o .\PVSTestResults\ShareX.plog
# Convert the report to the html format.
      "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" 
         -t html 
         -o .\PVSTestResults\ 
         .\PVSTestResults\ShareX.plog
# Publish analyzer reports.
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults

Now add variables needed to create a license file. To do this, open the Pipeline editing window, and click 'Variables' in the upper-right corner.

Add the 'PVS_USERNAME' and 'PVS_KEY' variables that the username and license key values. When creating the 'PVS_KEY' variable, check 'Keep this value secret'. This keeps the value encrypted and prevents it from showing up on the task execution log.

To analyze the project, click the 'Run' that starts the Pipeline.

Use a self-hosted agent

A second way to run analysis is to use a self-hosted agent. Self-hosted agents are agents you configure and manage on your own. Such agents support more software you may need to build and test a project.

Before you can use these agents for static analysis, configure them as the instructions say, and then install and configure the static analyzer.

To run tasks on self-hosted agents, replace the default configuration with the following code:

# Configure launch triggers. Master branch analysis.
trigger:
- master

# Set tasks to run on a self-hosted agent selected from the 'MyPool' pool. 
pool: 'MyPool'

steps:
- task: CmdLine@2
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: |
# Restore the project and download dependencies.
      nuget restore .\ShareX.sln
# Create a directory for analysis report files
      md .\PVSTestResults
# Run PVS-Studio analysis.
      "C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" 
         -t .\ShareX.sln
         -o .\PVSTestResults\ShareX.plog
# Convert the report to the html format.
      "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe"
         -t html
         -o .\PVSTestResults\
         .\PVSTestResults\ShareX.plog
# Publish analyzer reports.
- task: PublishBuildArtifacts@1
  inputs:
    pathToPublish: PVSTestResults
    artifactName: PVSTestResults

After the task is completed, you can download an archive with reports from the 'Summary' tab. Alternatively, you can get reports by email. Use the Send Mail tool to configure email settings.

Additional features

Completing a run with a failure

If you want the build step to stop and return an error message if there are analyzer warnings, you can use the PlogConverter utility. With PlogConverter utility you can set a warning level at which the run will stop. An example of the code fragment to set the stop step to the end of the configuration: 

- task : PowerShell@2
  inputs:
    targetType: 'inline'
    script:  |
    & "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t json -a GA:1 
-o .\PVSTestResults\  .\PVSTestResults\TestTask.plog 
--indicateWarnings  --noHelpMessages 
    IF ($LASTEXITCODE -eq 0)  {exit 0} ELSE {Write-Host
"##vso[task.logissue type=error]Analysis log contains High level warnings.";
 Write-Host "##vso[task.complete result=Failed;]"; exit 0 }

Use the ‑‑analyzer (-a) flag of the PlogConverter utility to change the type of warnings the task will respond to.

Viewing analysis results

You can use the SARIF SAST Scans Tab extension to view the analyzer's report on the run results page.

To convert a report to the SARIF format and use the extension, add the following steps:

- task: CmdLine@2
  inputs:
    workingDirectory: $(System.DefaultWorkingDirectory)
    script: "C:\Program Files (x86)\PVS-Studio\PlogConverter.exe" -t sarif 
-o .\PVSTestResults\  .\PVSTestResults\TestTask.plog

- task: PublishBuildArtifacts@1
  inputs:
    PathtoPublish: .\PVSTestResults\TestTask.plog.sarif
    ArtifactName: CodeAnalysisLogs

After completing the pipeline, the analyzer's report will be added to the run result page in the Scans tab.

Was this page helpful?

< Previous
Next >
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
* Difference between Team and Enterprise
Didn't get our email?
close form
Request our prices
Why do we ask to use Business Email?
New License
License Renewal
--Select currency--
USD
EUR
Didn't get our email?
close form
Free PVS‑Studio license for Microsoft MVP specialists
Why do we ask to use Business Email?
Didn't get our email?
close form
To get the licence for your open-source project, please fill out this form
Didn't get our email?
close form
I want to join the test
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam