CodeScan SCA Settings
Unlike PMD, where rules live in Copado, CodeScan rules are defined in a CodeScan account.
If you want to integrate all the functionality included in your CodeScan license with Copado, you need to configure a new Static Code Analysis Settings record in Copado and link it to your CodeScan account.
Follow these steps to create SCA Settings for CodeScan:
- Log in to the org where Copado is installed.
- Navigate to the Static Code Analysis Settings tab and then click on New to create a new record.
- Select CodeScan as the record type.
- This will open a new Static Code Analysis Settings record.
- Give your settings a name.
- Select a version depending on your CodeScan license: Cloud or on-premise SonarQube.
- Enter a CodeScan token created in your CodeScan account. For more information about how to create a token, check out the article How to Create a CodeScan Token.
- Type the URL to access your CodeScan:
  - For the CodeScan cloud version, use https://app.codescan.io. If you select Cloud as CodeScan Version, you will need to fill in the Cloud Organization field with the organization key that exists under My Organizations in https://app.codescan.io.
  - If you have CodeScan on-premise, you need to expose the machine where CodeScan is installed so that Copado can reach it, and include its URL in this field.
- Click on Save.
Once you have completed all the steps above, add your Static Code Analysis Settings to your pipeline.
From now on, whenever you run a static code analysis from a User Story or an Org Credential record associated with an environment inside this pipeline, Copado will use these SCA settings and create a new Static Code Analysis Results record with the scan details and a link to the CodeScan results.