Bitbucket Pipelines Workflow

Add the following to your bitbucket-pipelines.yml. This single step will fetch the scan helper script and trigger a CodeAnt analysis for every commit:

image: python:3.11

pipelines:
  default:
    - step:
        name: Run CodeAnt CI scan
        script:
          - export API_BASE="https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws"
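          # Literal blocks (|) keep the newlines, so each trailing backslash reaches the shell as a line continuation.
          # -f makes curl exit non-zero on an HTTP error instead of saving the error body as start_scan.sh.
          - |
            curl -fsS -X GET "${API_BASE}/analysis/ci/scan/script/get" \
              --output start_scan.sh
          - chmod +x start_scan.sh
          # Variables are quoted so an empty or unusual value cannot shift the argument list.
          - |
            bash start_scan.sh \
              -a "${ACCESS_TOKEN}" \
              -r "${BITBUCKET_REPO_FULL_NAME}" \
              -c "${BITBUCKET_COMMIT}" \
              -s bitbucket \
              -i "" \
              -e ""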

Tip:

  • Define ACCESS_TOKEN as a secured Repository variable holding a personal access token or repo token.
  • Bitbucket Pipelines automatically provides BITBUCKET_REPO_FULL_NAME (e.g. org/repo) and BITBUCKET_COMMIT (current SHA).

How It Works

  1. Download scan script: We curl the helper (start_scan.sh) from the CodeAnt CI endpoint.

  2. Make it executable: chmod +x so you can run it directly.

  3. Invoke the scan: The script POSTs your repo slug, commit SHA, file-globs, and token to /analysis/ci/scan.

  4. Fail-fast on issues:

    • Exits non-zero if the request fails (non-2xx), failing your pipeline.
    • Prints the JSON response on success so you can inspect scan IDs or metadata.

With this in place, every push to Bitbucket will automatically trigger a CodeAnt security/quality scan.
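
Steps 1 to 3 execute a script fetched at build time while ACCESS_TOKEN is in scope, so one option is to check the download against a digest you recorded after reviewing a copy. The following is an added example, not CodeAnt's code; HELPER_SHA256 is a hypothetical repository variable and the sample helper is constructed.

```shell
#!/usr/bin/env bash
# Added example (not CodeAnt's code): run the downloaded helper only if it
# matches a SHA-256 digest recorded after reviewing a known-good copy.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1   # macOS/BSD fallback
  fi
}

# verify_helper FILE EXPECTED_SHA256
# returns 0 = match, 1 = mismatch, 2 = file missing/empty or malformed pin
verify_helper() {
  local file="$1" expected actual
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -s "$file" ] || { echo "verify: $file is missing or empty" >&2; return 2; }
  case "$expected" in
    *[!0-9a-f]*) echo "verify: pin is not a hex digest" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "verify: pin must be 64 hex chars" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "verify: digest mismatch for $file (got $actual)" >&2
    return 1
  fi
  return 0
}

# Pipeline use (HELPER_SHA256 is a hypothetical secured repository variable):
#   verify_helper start_scan.sh "$HELPER_SHA256" || exit 1
#   bash start_scan.sh   # with the same arguments as in the pipeline step

# Constructed demo, runs offline: pin a sample helper, then modify it.
demo_dir="$(mktemp -d)"
printf '#!/bin/bash\necho "constructed sample helper"\n' > "$demo_dir/start_scan.sh"
demo_pin="$(sha256_of "$demo_dir/start_scan.sh")"
verify_helper "$demo_dir/start_scan.sh" "$demo_pin" && echo "pinned copy: accepted"
echo 'echo "appended line"' >> "$demo_dir/start_scan.sh"
verify_helper "$demo_dir/start_scan.sh" "$demo_pin" || echo "modified copy: rejected"
rm -rf "$demo_dir"
```

A pinned digest fails the pipeline whenever the served helper changes, so the pin has to be re-reviewed and updated when that happens.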