GitLab CI/CD Configuration

Add the following to your .gitlab-ci.yml. This single job will download the scan helper script and trigger a CodeAnt analysis on each push: 
stages:
  - scan

variables:
  # Define ACCESS_TOKEN in CI/CD → Variables (protected, masked)
  ACCESS_TOKEN: "${ACCESS_TOKEN}"

scan_codeant:
  stage: scan
  image: python:3.11
  script:
    - echo "▶️  Downloading CodeAnt scan script…"
    - curl -sS -X GET "https://api.codeant.ai/analysis/ci/scan/script/get" \
        --output start_scan.sh.b64

    - echo "🔒  Decoding and making script executable"
    - base64 -d start_scan.sh.b64 > start_scan.sh
    - chmod +x start_scan.sh

    - echo "🔍  Running CodeAnt CI scan"
    - bash start_scan.sh \
        -a "$ACCESS_TOKEN" \
        -r "$CI_PROJECT_PATH" \
        -c "$CI_COMMIT_SHA" \
        -b "$CI_COMMIT_REF_NAME" \
        -s gitlab \
        -i "" \
        -e ""
Tip:
  • In Settings → CI/CD → Variables, add a protected and masked variable named ACCESS_TOKEN with your repo- or project-level PAT.
  • GitLab provides $CI_PROJECT_PATH (e.g. group/project) and $CI_COMMIT_SHA automatically.

How It Works

  1. Fetch script We curl the start_scan.sh helper from the CodeAnt CI endpoint.
  2. Enable execution chmod +x start_scan.sh makes it runnable.
  3. Trigger scan The script posts your project path, commit SHA, file-globs, and token to /analysis/ci/scan.
  4. Pipeline feedback
    • Exits non-zero on HTTP errors, failing the job.
    • Prints the JSON response on success so you can record scan IDs or logs.
With this in place, every push through GitLab CI/CD will automatically launch a CodeAnt security/quality scan.