CodeAnt CI Scan Action

A GitHub Action to run CodeAnt CI security and code quality analysis on your repository. You can find this action on the GitHub Marketplace.

Features

  • 🛡️ Automated security and code quality scanning
  • 🔍 Deep code analysis and vulnerability detection
  • 📊 Detailed reports and insights
  • ⚡ Fast and easy integration

Usage

Basic Usage

Add this action to your workflow:
name: CodeAnt CI Scan

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

jobs:
  codeant_scan:
    name: Run CodeAnt CI scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Run CodeAnt CI Scan
        uses: CodeAnt-AI/[email protected]
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}

Advanced Usage

Customize the scan with additional options:
- name: Run CodeAnt CI Scan
  uses: CodeAnt-AI/[email protected]
  with:
    access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
    api_base: 'https://api.codeant.ai'
    scanners: 'sast,sca'
    include_paths: 'src/,lib/'
    exclude_paths: 'test/,docs/'

Inputs

| Input | Description | Required | Default |
|---|---|---|---|
| access_token | GitHub Access Token | Yes | - |
| api_base | CodeAnt API base URL | No | https://api.codeant.ai |
| scanners | Comma-separated list of scanners to run | No | sast,sca |
| include_paths | Comma-separated paths to include in scan | No | '' (all files) |
| exclude_paths | Comma-separated paths to exclude from scan | No | '' (none) |

Setup

1. Get Your GitHub Access Token

  • Log in to your GitHub account
  • Go to Settings > Developer settings > Personal access tokens > Tokens (classic)
  • Click Generate new token (classic)
  • Select the repo scope
  • Set an expiration date, then generate and copy the token

Note that the classic repo scope grants read and write access to every repository the account can reach, not only the one being scanned. Treat the token as a high-value secret: prefer a dedicated account that only has access to the repositories you want scanned, and rotate the token before it expires.

2. Add Token to GitHub Secrets

  • Go to your repository’s Settings
  • Navigate to Secrets and variables → Actions
  • Click “New repository secret”
  • Name: ACCESS_TOKEN_GITHUB
  • Value: Paste your GitHub access token
  • Click “Add secret”

3. Create Workflow File

Create .github/workflows/codeant-scan.yml in your repository with the usage example above.
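The three setup steps above, combined into one workflow file with the hardening a security engineer would add. This is an added example, not a workflow shipped by the CodeAnt project. It assumes the action only needs the ACCESS_TOKEN_GITHUB secret and read access to the checkout; the `<full-commit-sha>` placeholder must be replaced with the real commit hash of the actions/checkout release you pin, and the CodeAnt action reference is copied as it appears on this page.

```yaml
# Added example (not from the CodeAnt project): the setup-step workflow with
# least-privilege permissions, superseded-run cancellation, a timeout and SHA pinning.
name: CodeAnt CI Scan

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]

# Least privilege for the job's automatic GITHUB_TOKEN. The CodeAnt action
# authenticates with the ACCESS_TOKEN_GITHUB secret, so checkout only needs
# read access to repository contents.
permissions:
  contents: read

# Cancel a superseded run for the same branch or PR so stale scans do not pile up.
concurrency:
  group: codeant-${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  codeant_scan:
    name: Run CodeAnt CI scan
    runs-on: ubuntu-latest
    timeout-minutes: 30   # bound runner time if the scan or the API hangs
    steps:
      - name: Checkout code
        # Pin third-party actions to a full commit SHA rather than a mutable tag.
        # <full-commit-sha> is a placeholder; look the hash up in the action's repository.
        uses: actions/checkout@<full-commit-sha>   # v4

      - name: Run CodeAnt CI Scan
        # Action reference copied as shown on this page; pin it to a commit SHA
        # the same way once you have verified the release.
        uses: CodeAnt-AI/[email protected]
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
```

The `permissions` block only governs the automatic GITHUB_TOKEN, not the personal access token stored in the secret; the scope of that token is whatever you chose in step 1.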

Supported Events

This action works with any GitHub event that provides commit information:
  • push
  • pull_request
  • workflow_dispatch
  • schedule

Note that for pull_request runs triggered from a fork, GitHub does not expose repository secrets to the workflow, so secrets.ACCESS_TOKEN_GITHUB is empty and the scan cannot authenticate. Scan contributions from forks on push to the base branch after they are merged.

Example Workflows

Scan on Push and Pull Request

name: CodeAnt CI Scan

on:
  push:
    branches: [ "main", "develop" ]
  pull_request:
    branches: [ "main" ]

jobs:
  codeant_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: CodeAnt-AI/[email protected]
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}

Scheduled Daily Scan

name: Daily CodeAnt Scan

on:
  schedule:
    - cron: '0 2 * * *'  # Run at 2 AM UTC daily

jobs:
  codeant_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: CodeAnt-AI/[email protected]
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}

Scan Specific Directories with Security Focus

- uses: CodeAnt-AI/[email protected]
  with:
    access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
    scanners: 'sast,secrets'
    include_paths: 'src/,backend/'
    exclude_paths: 'src/tests/,backend/vendor/'

Scanner Options

🔍 Available Scanners: The scanners input selects which scanners run during analysis:
  • sast - Static Application Security Testing (code vulnerabilities)
  • sca - Software Composition Analysis (dependency vulnerabilities)
  • secrets - Secret detection (API keys, passwords, tokens)
  • antipatterns - Code quality and duplicate code detection
  • iac - Infrastructure as Code security (Terraform, CloudFormation, etc.)
  • all - Run all available scanners

Default: if scanners is not specified, the action runs sast,sca.

Examples:
  • Run all scanners: scanners: 'all'
  • Only SAST: scanners: 'sast'
  • SAST + Secrets: scanners: 'sast,secrets'
  • Full security suite: scanners: 'sast,sca,secrets,iac'
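The scanner list does not have to be hard-coded: the workflow below lets a manual run pick one of the scanner sets listed above from a drop-down, while the nightly scheduled run always uses 'all'. This is an added example, not a workflow from the CodeAnt project. It assumes the scanners input accepts the comma-separated values documented above; the workflow name and the choice options are illustrative, and the CodeAnt action reference is copied as it appears on this page.

```yaml
# Added example (not from the CodeAnt project): scanner set chosen per trigger.
name: CodeAnt scan (selectable scanners)

on:
  workflow_dispatch:
    inputs:
      scanners:
        description: 'Comma-separated scanners (sast, sca, secrets, antipatterns, iac) or all'
        type: choice
        default: 'sast,sca'
        options:
          - 'sast,sca'
          - 'sast,secrets'
          - 'sast,sca,secrets,iac'
          - 'all'
  schedule:
    - cron: '0 2 * * *'   # 02:00 UTC daily

permissions:
  contents: read

jobs:
  codeant_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: CodeAnt-AI/[email protected]   # reference as shown on this page
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
          # Manual runs use the option picked in the drop-down; scheduled runs
          # carry no inputs, so the expression falls through to 'all'.
          scanners: ${{ github.event_name == 'workflow_dispatch' && inputs.scanners || 'all' }}
```

Restricting the manual input to a fixed `options` list keeps an untrusted string out of the scanners value, so nothing typed at dispatch time reaches the action unchecked.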

Scanner Configuration Examples

Run All Scanners

- uses: CodeAnt-AI/[email protected]
  with:
    access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
    scanners: 'all'

Security-Focused Scan

- uses: CodeAnt-AI/[email protected]
  with:
    access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
    scanners: 'sast,secrets'

Troubleshooting

Authentication Errors

  • Ensure your ACCESS_TOKEN_GITHUB is correctly set in repository secrets
  • Verify the token hasn’t expired
  • Check that the token has the repo scope described under Setup
  • If the failing run was a pull_request from a fork, remember that repository secrets are not available to it

Scan Failures

  • Verify your repository is accessible
  • Check that the API base URL is correct
  • Review the action logs for specific error messages

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

For issues, questions, or contributions, please visit the GitHub repository.