Steampunk Spotter
Integrating Steampunk Spotter with Azure DevOps Pipelines
July 29, 2025 - Words by Maja Franko, Tit Sober - 2 min read
Want to catch deprecated code, security issues, or compliance problems before they hit your main branch? With native support for Azure Pipelines, Steampunk Spotter brings automation and actionable feedback directly into your CI/CD workflows—now with seamless integration into Azure DevOps.
In this blog post, we’ll walk you through how to utilize Steampunk Spotter from your Azure DevOps project and scan your Ansible content automatically with every pipeline run.
Step 1: Set Up Your Azure DevOps Project
Start by creating a new project in Azure DevOps. Once created, navigate to the Repos section in the sidebar to push your initial code.
To test the integration, add an intentionally deprecated Ansible playbook to your repository. This will help you see Spotter in action when the pipeline runs. Here’s an example of a playbook with outdated syntax and practices:
- name: Playbook for rewriting
hosts: localhost
tasks:
- action: file mode=0644 state=present
delegate_to: localhost
- action:
module: file
mode: '0644'
state: present
delegate_to: localhost
- ansible.builtin.debug:
var: something
always_run: true
when: true
- name: Test input
openssl_certificate:
vars:
a: b
- name: include task with vars unordered - changed from 2.7
include_tasks: a=b my_test_tasks.yml c=d
when: true
- include_tasks: a=b my_test_tasks.yml c=d
when: true
- local_action: mode=0644 state=present file
- local_action:
module: file
mode: '0644'
state: present
After you commit the code to your repository, you can start with the creation of your first pipeline.
Step 2: Create the Pipeline
Next, go to the Pipelines section in the Azure DevOps menu and click Create Pipeline.
Choose Azure Repos Git as your code source, select the repository we’ve just set up, and then go with the Starter pipeline option.
You’ll be presented with a basic YAML pipeline configuration. You can go ahead and paste the following configuration into the generated code.
This is the example configuration for the pipeline to run a Spotter scan on a push.
trigger:
branches:
include:
- main
variables:
- group: tokens
steps:
- script: |
python3 -m venv .venv
source .venv/bin/activate
echo "Starting the install"
pip install steampunk-spotter
echo "Finished the install"
echo "Starting the scan"
spotter scan . \
--junit-xml spotter-report.xml
env:
SPOTTER_TOKEN: $(SPOTTER_API_TOKEN)
continueOnError: true
displayName: 'Run Spotter Scan'
- task: PublishTestResults@2
inputs:
testResultsFiles: 'spotter-report.xml'
displayName: 'Publish Test Results'
Next, you save the configuration and go to setup our tokens.
Step 3: Set up API token
To start off go to the Steampunk Spotter web interface at https://spotter.steampunk.si/my-profile/api-tokens and create a new token. Add the name and the expiration date of the token.
After that you go to the Pipelines and click on the Library option. Create a new group and add your token. Name it SPOTTER_TOKEN and paste in the token you generated in the step before.
After that you can simply run your CI pipeline and see what results you get.
This configuration will run Spotter against the Ansible content in your repository and provide real-time feedback on any deprecated modules, compliance violations, or best practice issues.
What You Get Out of the Box
With Spotter integrated into Azure DevOps, your team benefits from:
Automated quality checks on every commit.
Early detection of deprecated or insecure Ansible code.
Actionable recommendations directly in your pipeline output.
No additional setup needed once integrated—Spotter works out of the box.
