GitLab CI/CD Configuration

Add the following to your .gitlab-ci.yml. This single job will download the scan helper script and trigger a CodeAnt analysis on each push:

stages:
  - scan

variables:
  # Define ACCESS_TOKEN in CI/CD → Variables (protected, masked)
  ACCESS_TOKEN: "${ACCESS_TOKEN}"

scan_codeant:
  stage: scan
  image: python:3.11
  script:
    - echo "▶️  Downloading CodeAnt scan script…"
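    # --fail makes curl exit non-zero on an HTTP error instead of saving the error body as start_scan.sh
    - curl --fail -sS -X GET "https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws/analysis/ci/scan/script/get" --output start_scan.sh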

    - echo "🔒  Making script executable"
    - chmod +x start_scan.sh

    - echo "🔍  Running CodeAnt CI scan"
    # Block scalar (|) keeps the backslash line continuations intact for the shell
    - |
      bash start_scan.sh \
        -a "$ACCESS_TOKEN" \
        -r "$CI_PROJECT_PATH" \
        -c "$CI_COMMIT_SHA" \
        -s gitlab \
        -i "" \
        -e ""

Tip:

  • In Settings → CI/CD → Variables, add a protected and masked variable named ACCESS_TOKEN with your repo- or project-level PAT.
  • GitLab provides $CI_PROJECT_PATH (e.g. group/project) and $CI_COMMIT_SHA automatically.

How It Works

  1. Fetch script: We curl the start_scan.sh helper from the CodeAnt CI endpoint.

  2. Enable execution: chmod +x start_scan.sh makes it runnable.

  3. Trigger scan: The script posts your project path, commit SHA, file-globs, and token to /analysis/ci/scan.

  4. Pipeline feedback:

    • Exits non-zero on HTTP errors, failing the job.
    • Prints the JSON response on success so you can record scan IDs or logs.

With this in place, every push through GitLab CI/CD will automatically launch a CodeAnt security/quality scan.
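
The job above runs a script fetched at pipeline time and passes it ACCESS_TOKEN, so whatever the endpoint returns receives the token. The following is an added example, not part of CodeAnt's documentation or tooling: it refuses to run start_scan.sh unless its SHA-256 matches a digest you recorded after reviewing the script. The names verify_script, run_pinned and EXPECTED_SHA256 are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not CodeAnt code): run start_scan.sh only if it matches a pinned digest.
# verify_script, run_pinned and EXPECTED_SHA256 are hypothetical names.

# sha256_of FILE: print the hex SHA-256 digest of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_script FILE EXPECTED: return 0 only if FILE hashes to EXPECTED
verify_script() {
  local file="$1" expected="$2" actual
  [ -s "$file" ] || { echo "verify: $file is missing or empty" >&2; return 1; }
  # Reject an unset value, a placeholder, or anything that is not 64 hex characters.
  case "$expected" in
    *[!0-9a-fA-F]*|"") echo "verify: expected digest is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "verify: expected digest must be 64 hex chars" >&2; return 1; }
  actual="$(sha256_of "$file")" || return 1
  expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
  if [ "$actual" != "$expected" ]; then
    echo "verify: digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
}

# run_pinned FILE EXPECTED [ARGS...]: run FILE with bash only after verification
run_pinned() {
  local file="$1" expected="$2"
  shift 2
  verify_script "$file" "$expected" || return 1
  bash "$file" "$@"
}

# In the job, after the curl step, with EXPECTED_SHA256 set as a CI/CD variable
# holding the digest of the copy you reviewed:
#   run_pinned start_scan.sh "$EXPECTED_SHA256" -a "$ACCESS_TOKEN" \
#     -r "$CI_PROJECT_PATH" -c "$CI_COMMIT_SHA" -s gitlab -i "" -e ""
```

With a pinned digest the job fails whenever the served script changes, which is the signal to review the new version and update the digest.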