Skip to main content

CodeAnt CI Scan Action

A GitHub Action to run CodeAnt CI security and code quality analysis on your repository. You can find this action on the GitHub Marketplace.

Features

  • 🛡️ Automated security and code quality scanning
  • 🔍 Deep code analysis and vulnerability detection
  • 📊 Detailed reports and insights
  • ⚡ Fast and easy integration

Usage

Basic Usage

Add this action to your workflow: 
name: CodeAnt CI Scan

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  codeant_scan:
    name: Run CodeAnt CI scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run CodeAnt CI Scan
        uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
        with:
          access_token: ${{ secrets.CODEANT_TOKEN }}

Advanced Usage

Customize the scan with additional options: 
- name: Run CodeAnt CI Scan
  uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    scanners: 'sast,sca'
    include_paths: 'src/,lib/'
    exclude_paths: 'test/,docs/'

Inputs

InputDescriptionRequiredDefault
access_tokenCodeAnt API token (cdt_…) — see API TokensYes-
api_baseCodeAnt API base URLNohttps://api.codeant.ai
scannersComma-separated list of scanners to runNosast,sca
include_pathsComma-separated paths to include in scanNo'' (all files)
exclude_pathsComma-separated paths to exclude from scanNo'' (none)

Setup

1. Create a CodeAnt Token

In CodeAnt AI, go to Settings → API tokens, click Create token, and copy the generated token (it starts with cdt_ and is shown only once). See API Tokens for the full walkthrough. This single token authenticates the scan — you don’t need a GitHub personal access token.

2. Add Token to GitHub Secrets

  • Go to your repository’s Settings
  • Navigate to Secrets and variables → Actions
  • Click “New repository secret”
  • Name: CODEANT_TOKEN
  • Value: Paste your CodeAnt token (cdt_…)
  • Click “Add secret”

3. Create Workflow File

Create .github/workflows/codeant-scan.yml in your repository with the usage example above.

Supported Events

This action works with any GitHub event that provides commit information:
  • push
  • pull_request
  • workflow_dispatch
  • schedule

Example Workflows

Scan on Push and Pull Request

name: CodeAnt CI Scan

on:
  push:
    branches: [ "main", "develop" ]
  pull_request:
    branches: [ "main" ]

jobs:
  codeant_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
        with:
          access_token: ${{ secrets.CODEANT_TOKEN }}

Scheduled Daily Scan

name: Daily CodeAnt Scan

on:
  schedule:
    - cron: '0 2 * * *'  # Run at 2 AM UTC daily

jobs:
  codeant_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
        with:
          access_token: ${{ secrets.CODEANT_TOKEN }}

Scan Specific Directories with Security Focus

- uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    scanners: 'sast,secrets'
    include_paths: 'src/,backend/'
    exclude_paths: 'src/tests/,backend/vendor/'

Scanner Options

🔍 Available Scanners: The scanners input allows you to customize which security scanners run during analysis:
  • sast - Static Application Security Testing (code vulnerabilities)
  • sca - Software Composition Analysis (dependency vulnerabilities)
  • secrets - Secret detection (API keys, passwords, tokens)
  • antipatterns - Code quality and duplicate code detection
  • iac - Infrastructure as Code security (Terraform, CloudFormation, etc.)
  • all - Run all available scanners
Default: If not specified, runs sast,sca Examples:
  • Run all scanners: scanners: 'all'
  • Only SAST: scanners: 'sast'
  • SAST + Secrets: scanners: 'sast,secrets'
  • Full security suite: scanners: 'sast,sca,secrets,iac'

Scanner Configuration Examples

Run All Scanners

- uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    scanners: 'all'

Security-Focused Scan

- uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    scanners: 'sast,secrets'

Troubleshooting

Authentication Errors

  • Ensure your CODEANT_TOKEN is correctly set in repository secrets
  • Verify the CodeAnt token (cdt_…) hasn’t been revoked
  • Check that the token belongs to the same organization as the repository

Scan Failures

  • Verify your repository is accessible
  • Check that the API base URL is correct
  • Review the action logs for specific error messages

Support

License

This project is licensed under the MIT License - see the LICENSE file for details.

On-Premise Deployment

If you are using a self-hosted CodeAnt instance, you can specify a custom API endpoint using the api_base parameter: 
- name: Run CodeAnt CI Scan
  uses: CodeAnt-AI/codeant-ci-scan-action@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    api_base: 'https://your-codeant-instance.example.com'
Note: The api_base parameter is only required for on-premise deployments. Cloud users do not need to configure this.

Support

For issues, questions, or contributions, please visit the GitHub repository.