SARIF Reports as input for BuildQualityChecks

[ncook-hxgn]

Describe the context

• Extension: BuildQualityChecks
• Environment: Azure DevOps Services (cloud)
• Agent type: Microsoft-hosted, self-hosted agent, or Container
  • Agent version: latest
• Pipeline type: yaml pipeline

Describe the problem and expected behavior

I'd like the BuildQualityChecks to optionally look at some specified CodeAnalysisLogs folder for probably *.sarif reports and use the data therein in comparison against the baseline stored on another branch, likely main - like with the code coverage and warnings etc - and fail/warn my build accordingly. Please? 😇

Tell you what, if it was aware of the SAST Scans Tab, that'd be amazing.

Task logs Run your pipeline with the following variables: // - For BuildQualityChecks: System.Debug and BQC.LogRawData set to true // Send the task log to [email protected] and reference your GitHub issue.