Integrating Coverity Options for Azure DevOps Pipeline

Use the following options to integrate Coverity into an ADO pipeline:

  • All-in-one Script
    Add a traditional BAC script as a task in a job under ADO.

  • Individual Tasks 
    Split each BAC step into separate tasks in a job under ADO.

  • Task Group 
    Construct a template of tasks with variables as inputs that can be added directly to the job.

  • Pipeline YAML file 
    CI as code, where the steps are specified in a YAML file, committed to SCM and called from the source repository.

Using a script

This method uses an all-in-one script to do the Coverity BAC as a single task.

  1. Create a New Pipeline.

  2. Enter Source Repository.

  3. Use Empty Job Template.

  4. Add Task to Agent Job 1.

  5. Under the Utility category, select and add a Command Line task.

  6. Enter the following code into Command-Line task

Coverity BAC shell script

1 2 3 4 5 6 7 8 9 10 set COVHOST=localhost set STREAM=hello-java set IDIR=$(Build.SourcesDirectory)/idir set AUTHKEY=C:/Tools/Coverity/Analysis/commit-authkey set COVBIN=C:/Tools/Coverity/Analysis/2019.03/bin     %COVBIN%/cov-build --dir %IDIR% --fs-capture-search $(Build.SourcesDirectory) mvn -B clean package -DskipTests    %COVBIN%/cov-import-scm --dir %IDIR% --scm git   %COVBIN%/cov-analyze --dir %IDIR% --strip-path $(Build.SourcesDirectory) --all --enable-callgraph-metrics --webapp-security    %COVBIN%/cov-commit-defects --dir %IDIR% --host %COVHOST% --auth-key-file %AUTHKEY% --stream %STREAM% --description $(Build.BuildURI) --target Windows_x86_64 --version $(Build.SourceVersion)

Using tasks

This method is similar to the all-in-one script but it breaks each step into separate tasks and uses variables: 

  1. Create a New Pipeline

  2. Enter Source Repository

  3. Use Empty Job Template

  4. Add the following, Under the Variables tab:

    • cov.authkey

    • cov.bin


    • cov.idir


    • Add separate Command Line tasks to Job for cov-build, cov-analyze and cov-commit-defects.


      1 cov-build --dir $(cov.idir) mvn -B clean package -DskipTests


      1 cov-analyze --dir $(cov.idir) --all --enable-callgraph-metrics --webapp-security


      1 cov-commit-defects --dir $(cov.idir) --host $( --auth-key-file $(cov.authkey) --stream $( --description $(Build.BuildURI) --target Windows_x86_64 --version $(Build.SourceVersion)

Using a task group

ADO Task Groups enable you to create a collections of tasks as per the above section, then save them as a single task group. A task group only exposes the user defined variables (with defaults) when the job runs.

A task group can be exported as a JSON file and imported into other build pipelines or ADO servers. This works well for reusing the same BAC recipe across lots of similar CI pipelines.

  1. Reuse or recreate the 3-task Coverity BAC job from the previous section.

  2. Select the three BAC tasks.

  3. Right click and Create Task Group.

  4. Any user defined variables will be presented for default values and description.

  5. Once created, task groups will be available for modification and export under Pipelines > Task Groups.

Using a YAML file

To set up a YAML based Coverity BAC, commit the following to your repository and then create a new build pipeline, selecting configuration as code and coverity.yml as the YAML source.

  1. Commit ADO YAML file (examples below) to project repo.

  2. If using plugin, install plugin and configure service connection (see above).

  3. Create a new pipeline ADO > Project > Pipelines > New Pipeline

  4. Select Repo and Branch

  5. Select "Use Existing YAML file"

  6. Browse and select the YAML file


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 name: $(Date:yyyyMMdd).$(Rev:.r) variables:   cov.authkey: 'c:/tools/coverity/analysis/commit-authkey'   cov.bin: 'c:/tools/coverity/analysis/2019.03/bin' 'localhost'   cov.idir: '$(Build.SourcesDirectory)/idir' 'hello-java' jobs: - job: Coverity   pool:     name: private-windows   workspace:     clean: all   steps:   - task: CmdLine@2     displayName: cov-build     inputs:       script: '$(cov.bin)/cov-build --dir $(cov.idir) --fs-capture-search $(Build.SourcesDirectory) mvn -B clean package -DskipTests'   - task: CmdLine@2     displayName: cov-import-scm     inputs:       script: '$(cov.bin)/cov-import-scm --dir $(cov.idir) --scm git'   - task: CmdLine@2     displayName: cov-analyze     inputs:       script: '$(cov.bin)/cov-analyze --dir $(cov.idir) --strip-path $(Build.SourcesDirectory) --all --enable-callgraph-metrics --webapp-security'   - task: CmdLine@2     displayName: cov-commit-defects     inputs:       script: '$(cov.bin)/cov-commit-defects --dir $(cov.idir) --host $( --auth-key-file $(cov.authkey) --stream $( --description $(Build.BuildURI) --target Windows_x86_64 --version $(Build.SourceVersion)'