
Overview

Run automated security and code quality scanning on your repository with comprehensive analysis, vulnerability detection, and detailed insights.

Reference Repository: ci-scan-codeant

Features

  • 🛡️ Automated security and code quality scanning
  • 🔍 Deep code analysis and vulnerability detection
  • 📊 Detailed reports and insights
  • ⚡ Fast and easy integration

Prerequisites

Before using the pipe, configure this repository variable in Repository Settings → Pipelines → Repository variables, and mark it as Secured so its value is masked in pipeline logs:
  • BITBUCKET_ACCESS_TOKEN - Your Bitbucket access token (App password or repository access token). The pipe examples below pass it to the pipe as ACCESS_TOKEN.

Basic Usage

Example 1: Run CI Scan on Every Push

image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: CodeAnt CI Scan
        script:
          - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
            variables:
              ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN

Example 2: Run CI Scan on Pull Requests Only

image: atlassian/default-image:3

pipelines:
  pull-requests:
    '**':
      - step:
          name: CodeAnt CI Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
                API_BASE: "https://api.codeant.ai"

Example 3: Branch-Specific Scanning

image: atlassian/default-image:3

pipelines:
  branches:
    main:
      - step:
          name: CodeAnt CI Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN

    develop:
      - step:
          name: CodeAnt CI Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
                EXCLUDE_PATHS: 'tests,experimental'

Example 4: Custom File Filtering with Timeout

- step:
    name: CodeAnt CI Scan
    script:
      - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
        variables:
          ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
          API_BASE: 'https://api.codeant.ai'
          INCLUDE_PATHS: 'src,lib'
          EXCLUDE_PATHS: 'tests,docs'
          TIMEOUT: '900'              # 15 minutes
          POLLING_INTERVAL: '45'      # Poll every 45 seconds

Example 5: Manual Trigger Pipeline

image: atlassian/default-image:3

pipelines:
  custom:
    security-scan:
      - step:
          name: CodeAnt CI Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN

Configuration Variables

  Variable          Required  Default                 Description
  ACCESS_TOKEN      Yes       -                       CodeAnt access token for authentication
  API_BASE          No        https://api.codeant.ai  Base URL for the CodeAnt API
  INCLUDE_PATHS     No        ''                      Comma-separated paths to include in the scan (e.g., src,lib)
  EXCLUDE_PATHS     No        ''                      Comma-separated paths to exclude from the scan (e.g., tests,docs)
  TIMEOUT           No        300                     Maximum time in seconds to wait for scan results
  POLLING_INTERVAL  No        30                      Time in seconds between polling attempts

How It Works

  1. Download script: the pipe fetches a small Bash helper (start_scan.sh) from the CodeAnt CI endpoint at run time.
  2. Make it runnable: the script is marked executable so it can be invoked directly.
  3. Invoke the scan: the script POSTs your repository, commit, and file globs (INCLUDE_PATHS / EXCLUDE_PATHS) to /analysis/ci/scan, authenticating with ACCESS_TOKEN.
  4. Pipeline feedback:
    • On success, the parsed JSON response is printed in the job log.
    • On failure (non-2xx HTTP), the script exits non-zero, failing the pipeline immediately.
With this in place, every run of the pipeline section you configured (every push for default, each pull request, or the listed branches) kicks off a CodeAnt analysis run, and your CI status will reflect whether any HIGH-severity issues were detected.
Note that the helper script is downloaded at run time and the examples reference the image by the mutable latest tag, so what executes in your pipeline can change without any change to your bitbucket-pipelines.yml; pinning the pipe image to an immutable tag or digest narrows that to the downloaded script.

Execution Time Considerations

⏱️ Performance Options:
  • Default behavior (with result waiting): ~5-7 minutes
    • Triggers scan and waits for complete analysis results
    • Includes both security and SCA (Software Composition Analysis) results
    • Best for comprehensive CI/CD pipelines where you need immediate feedback
  • Custom timeout settings: Adjust based on repository size
    • Use TIMEOUT: '900' (15 minutes) for larger repositories
    • Use POLLING_INTERVAL: '45' to reduce API polling frequency
    • Results can also be viewed in the CodeAnt dashboard
Tip: For larger repositories or comprehensive scans, increase the timeout to avoid premature pipeline failures while the analysis completes.
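The control flow described in How It Works and the TIMEOUT / POLLING_INTERVAL behaviour above, modelled in Python as an added example (this is not the pipe's own start_scan.sh). Only the /analysis/ci/scan path, the variable names and their defaults come from the page; the status endpoint, the response fields (scan_id, status, findings, severity) and the function names are assumptions made for illustration. The HTTP client is injected so the example runs offline against a constructed fake API.

```python
"""Model of the CodeAnt CI Scan pipe's control flow (added example, not the pipe's code).

Assumed for illustration: the response fields scan_id/status/findings/severity, a
status-poll call, and every function name below. Only /analysis/ci/scan, the pipe
variable names and their defaults (TIMEOUT=300, POLLING_INTERVAL=30) come from the page.
"""
import json
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


@dataclass
class Response:
    status_code: int
    body: Dict[str, Any]


class ScanError(RuntimeError):
    """Any failure that should make the pipeline step exit non-zero."""


def split_paths(value: str) -> List[str]:
    """Parse INCLUDE_PATHS/EXCLUDE_PATHS: trim entries, drop empties ('' -> [])."""
    return [p.strip() for p in value.split(",") if p.strip()]


def build_scan_request(env: Dict[str, str]) -> Dict[str, Any]:
    """Body for POST /analysis/ci/scan. BITBUCKET_REPO_FULL_NAME and BITBUCKET_COMMIT are
    standard Bitbucket Pipelines variables; the body field names are assumptions."""
    return {
        "repository": env["BITBUCKET_REPO_FULL_NAME"],
        "commit": env["BITBUCKET_COMMIT"],
        "include_paths": split_paths(env.get("INCLUDE_PATHS", "")),
        "exclude_paths": split_paths(env.get("EXCLUDE_PATHS", "")),
    }


def start_scan(post: Callable[[str, Dict[str, Any], str], Response],
               api_base: str, token: str, body: Dict[str, Any]) -> str:
    """POST the scan request; any non-2xx answer fails the step immediately."""
    resp = post(api_base.rstrip("/") + "/analysis/ci/scan", body, token)
    if not 200 <= resp.status_code < 300:
        raise ScanError(f"scan request failed: HTTP {resp.status_code} {json.dumps(resp.body)}")
    return resp.body["scan_id"]


def wait_for_scan(get_status: Callable[[str], Response], scan_id: str, timeout: int,
                  polling_interval: int, sleep: Callable[[int], None]) -> Dict[str, Any]:
    """Poll every POLLING_INTERVAL seconds until the scan reaches a terminal status or
    TIMEOUT seconds have been waited. Time passes only through `sleep`, so a test can
    inject a no-op and count polls instead of actually waiting."""
    waited = 0
    while True:
        resp = get_status(scan_id)
        if not 200 <= resp.status_code < 300:
            raise ScanError(f"status check failed: HTTP {resp.status_code}")
        if resp.body.get("status") in ("completed", "failed"):
            return resp.body
        if waited >= timeout:
            raise ScanError(f"timed out after {timeout}s waiting for scan {scan_id}")
        sleep(polling_interval)
        waited += polling_interval


def exit_code_for(result: Dict[str, Any]) -> int:
    """0 only for a completed scan with no HIGH-severity finding (the 'CI status' rule)."""
    if result.get("status") != "completed":
        return 1
    return 1 if any(f.get("severity") == "HIGH" for f in result.get("findings", [])) else 0


def run_pipe(env: Dict[str, str], api, sleep: Callable[[int], None] = lambda s: None) -> int:
    """The whole step; returns the exit code the pipe would use."""
    if not env.get("ACCESS_TOKEN"):
        print("ACCESS_TOKEN is required but not set")
        return 1
    api_base = env.get("API_BASE", "https://api.codeant.ai")
    try:
        scan_id = start_scan(api.post, api_base, env["ACCESS_TOKEN"], build_scan_request(env))
        result = wait_for_scan(api.get_status, scan_id, int(env.get("TIMEOUT", "300")),
                               int(env.get("POLLING_INTERVAL", "30")), sleep)
    except ScanError as err:
        print(err)
        return 1
    print(json.dumps(result, indent=2))  # the "parsed JSON response in the job log"
    return exit_code_for(result)


class FakeCodeAntAPI:
    """Constructed stand-in for the service: one valid token, 'pending' for the first
    `pending_polls` status checks, then 'completed' with the given findings."""

    def __init__(self, valid_token: str, pending_polls: int, findings: List[Dict[str, str]]):
        self.valid_token, self.pending_polls, self.findings = valid_token, pending_polls, findings
        self.polls = 0
        self.last_request: Dict[str, Any] = {}

    def post(self, url: str, body: Dict[str, Any], token: str) -> Response:
        self.last_request = {"url": url, "body": body}
        if token != self.valid_token:
            return Response(401, {"error": "invalid token"})
        return Response(202, {"scan_id": "scan-1"})

    def get_status(self, scan_id: str) -> Response:
        self.polls += 1
        if self.polls <= self.pending_polls:
            return Response(200, {"status": "pending"})
        return Response(200, {"status": "completed", "findings": self.findings})


# Constructed sample environment (values are placeholders, not real credentials).
BASE_ENV: Dict[str, str] = {"ACCESS_TOKEN": "tok-ok", "BITBUCKET_REPO_FULL_NAME": "acme/app",
                            "BITBUCKET_COMMIT": "0123abcd"}

if __name__ == "__main__":
    api = FakeCodeAntAPI("tok-ok", 2, [{"severity": "HIGH", "rule": "hardcoded-secret"}])
    print("exit code:", run_pipe({**BASE_ENV, "EXCLUDE_PATHS": "tests, docs"}, api))
```

The point of injecting `sleep` is that the budget arithmetic can be checked exactly: with TIMEOUT=60 and POLLING_INTERVAL=30 the loop polls at 0, 30 and 60 seconds and then fails, which is the "premature pipeline failure" the tip above warns about when a scan needs longer than the budget.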

Troubleshooting

Pipeline Fails Immediately

Issue: Pipeline fails with “ACCESS_TOKEN is required but not set”
Solution: Ensure you’ve set BITBUCKET_ACCESS_TOKEN in your repository variables (marked as Secured) and that the step passes it to the pipe as ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN, as in the examples above.

Scan Failures

Issue: Scan fails or returns errors
Solution: Verify your repository is accessible, check that the API_BASE URL is correct, and review the pipeline logs for the specific error message.

Authentication Errors

Issue: Authentication errors during scan
Solution: Verify your ACCESS_TOKEN is valid, has the necessary permissions, and has not expired.

Pipe Not Found

Issue: Cannot pull the Docker image
Solution: Verify the pipe image path docker://public.ecr.aws/d2p9q4a9/ci-scan-codeant:latest is correct and that your workspace can pull public Docker images.

Support

License

MIT License - see LICENSE file for details