The course is part of these learning paths
This course explores how to manage code quality and security policies with Azure DevOps, and will help those preparing for Microsoft's AZ-400 exam.
It starts by examining the definition of code quality and how to write high-quality code. Next, we’ll look at what goes into code quality scanning and at how SonarCloud can help monitor code quality, and you'll see a hands-on demonstration that shows you how to use SonarCloud in the pipeline.
You'll learn what code coverage means and how to use the “Publish Code Coverage Results” task to report on code coverage. This course also covers security policies, including OWASP and its Top-10 list, as well as looking at a couple of popular security analysis tools.
If you have any feedback relating to this course, feel free to get in touch with us at support@cloudacademy.com. Any URLs referenced during this course can be found in the relevant lecture transcripts.
Learning Objectives
- Understand what high-quality code is and how to write quality code
- Learn how to monitor code quality
- Learn how to report on code coverage
- Learn about the OWASP Top Ten
- Understand how security analysis tools can be used in conjunction with Azure DevOps to check code for vulnerabilities
- Learn how to configure SonarCloud in a pipeline
Intended Audience
This course is intended for those who are preparing for the AZ-400 exam, or anyone who wants to learn more about managing code quality and security policies with Azure DevOps.
Prerequisites
To get the most from this course, you should have a basic understanding of Microsoft Azure and of DevOps concepts.
Hello and welcome to Reporting on Code Coverage. In this lesson, we are going take a look at how you can report on your code overage, using Azure DevOps.
Before we dive into DevOps, let’s quickly define what code coverage means. Code coverage is the proportion of code within a project that’s tested through things like unit tests. Ensuring that a large portion of your code is tested helps guard against bugs – this is why code coverage is so important.
Reporting on code coverage allows you to identify code paths that are not covered by tests. You can use this information to reduce your test debt.
The “Publish Code Coverage Results Task” is a task in a build pipeline you use to publish code coverage results that are produced when you run tests to Azure Pipelines or TFS to obtain coverage reporting. This task supports coverage result formats like Cobertura and JaCoCo.
I should note that the “Publish Code Coverage Results Task” can only be used in Build pipelines. It’s not supported in Release pipelines.
Other tasks, like Visual Studio Test, .NET Core, Ant, Maven, and some others also offer the option to publish code coverage data to the pipeline. When using these tasks, you don’t need a separate Publish Code Coverage Results task in the pipeline.
Before you can produce the HTML code coverage report, you’ll have to install dotnet 2.0.0 or later on the agent. In addition, the dotnet folder has to be included in the environment path.
The YAML snippet that you see on your screen is required to publish the code coverage results.
In this snippet you see, both the codeCoverageTool and summaryFileLocation parameters are mandatory.
The summaryFileLocation argument is a required parameter. It’s the path to the summary files that contain the code coverage statistics. The pathToSources argument is the path to your source files. This argument is only required when coverage XML reports do not contain an absolute path to the source files. The failIfCoverageEmpty argument is an optional argument that fails the task if code coverage doesn’t produce any results to publish.
If you are using Docker, builds and tests can run inside the container. This allows you to generate code coverage results right within the container itself. If you wish to publish the results to your pipeline, the resulting artifacts have to be made available to the Publish Code Coverage Results task.
Once you’ve generated your code coverage results, the code coverage summary can be viewed in your build timeline view. You can use this summary to see the overall percentage of line coverage.
You can view the code coverage artifacts that were published during the build under the Build artifacts published milestone in the timeline view.
If you use Cobertura or JaCoCo coverage formats to publish your code coverage, the code coverage artifact will contain an HTML file that you can view offline as well.
Lectures
Course Introduction - Code Quality Defined - Monitoring Code Quality - The OWASP Top Ten - Security Analysis Tools - DEMO: Configuring SonarCloud in a Pipeline - Course Summary
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.