This page explains how you can integrate HoundDog.ai's code scanner with Azure DevOps Pipelines.
Defining the Required Secret Variables
First, follow the steps in API Keys to generate a HoundDog.ai API key. Then follow the instructions in the Azure documentation to create a variable group in Azure DevOps Library, and a secret variable named HoundDogApiKey using the value of your new key.
Here is an example screenshot showing how to create a secret variable:
Defining the Scan Step in azure-pipelines.yml
Next, add a new step in the azure-pipelines.yml file at the root of your repository. Here is an example which scans your repository and uploads the results to HoundDog.ai Cloud Platform:
triggermainpool vmImageubuntu-latestvariablesgrouptest-groupstepscheckoutself displayNameCheckout repositoryscript docker run --pull=always -t -v .:/data -e AZURE_PIPELINES=1 -e HOUNDDOG_GIT_BRANCH=$(Build.SourceBranchName) -e HOUNDDOG_API_KEY=$(HoundDogApiKey) hounddogai/hounddog hounddog scan displayNameRun HoundDog.ai ScanEnvironment variables AZURE_PIPELINES, HOUNDDOG_GIT_BRANCH and HOUNDDOG_API_KEY are required for using the HoundDog.ai Cloud Platform.
Blocking the Pipeline Upon Detecting Vulnerabilities
HoundDog.ai's code scanner exits with return code 0 (success) by default. To halt the pipeline upon detecting vulnerabilities, provide the --fail-severity-threshold option to the hounddog scan command:
triggermainpool vmImageubuntu-latestvariablesgroupstagingstepscheckoutself displayNameCheckout repository # Fail if a vulnerability with severity "medium" or higher is detected.script docker run --pull=always -t -v .:/data -e AZURE_PIPELINES=1 -e HOUNDDOG_GIT_BRANCH=$(Build.SourceBranchName) -e HOUNDDOG_API_KEY=$(HoundDogApiKey) hounddogai/hounddog hounddog scan --fail-severity-threshold=medium displayNameRun HoundDog.ai ScanTo view all available command-line options for the hounddog scan command, see Scanner Configuration.