GitLab CI/CD Workflow
Add the following to your `.gitlab-ci.yml`. It will trigger on every push to your target branch and kick off a CodeAnt analysis scan:
Script Parameters
The `start_scan.sh` script accepts the following parameters:
Required Parameters
Parameter | Flag | Description | Example |
---|---|---|---|
Access Token | -a, --access-token | Authentication token for CodeAnt API. Can be a Personal Access Token (PAT) or repository token | $ACCESS_TOKEN |
Repository | -r, --repo | Repository name in organization/repository format | myorg/myrepo |
Commit ID | -c, --commit-id | Git commit SHA to analyze | $CI_COMMIT_SHA |
Service | -s, --service | Git service provider | gitlab, github, bitbucket |
Optional Parameters
Parameter | Flag | Default | Description | Example |
---|---|---|---|---|
Branch | -b, --branch | (empty) | Branch name for the analysis | main, develop |
Include Files | -i, --include-files | (empty) | Glob patterns for files to include in analysis | "src/**/*.js" |
Exclude Files | -e, --exclude-files | (empty) | Glob patterns for files to exclude from analysis | "**/test/**" |
Polling Interval | -p, --polling-interval | 30 | Seconds between result polling attempts | 20 |
Timeout | -t, --timeout | 300 | Maximum seconds to wait for results | 600 |
No Wait | -n, --no-wait | false | Skip waiting for results, only trigger the scan | (flag only) |
Execution Time Considerations
⏱️ Performance Options:

- With result waiting (default): ~7 minutes
  - Triggers the scan and waits for complete analysis results
  - Includes both security and SCA (Software Composition Analysis) results
  - Best for comprehensive CI/CD pipelines where you need immediate feedback
- With the `--no-wait` flag: ~2 minutes
  - Only triggers the scan and returns immediately
  - Results can be fetched later or viewed in the CodeAnt dashboard
  - Ideal for faster CI runs or when results can be processed asynchronously
Example Configurations
Fast CI Mode (No Wait)
Comprehensive Analysis (Wait for Results)
Custom File Filtering
Tips:
- Add an `ACCESS_TOKEN` variable in Settings → CI/CD → Variables (mark it as protected and masked)
- Use `--no-wait` for PR checks to keep them fast, and run the full analysis for main branch merges
- Adjust the timeout based on your repository size; larger repos may need more time
- File patterns support standard glob syntax for precise control over what gets analyzed
How it works
- Download script: we fetch a small Bash helper (`start_scan.sh`) from the CodeAnt CI endpoint.
- Make it runnable: mark the script executable so you can invoke it directly.
- Invoke the scan: the script POSTs your repo, commit, and file globs to `/analysis/ci/scan`, using your token for auth.
- Pipeline feedback:
  - On success, you'll see a parsed JSON response in the job log.
  - On failure (non-2xx HTTP), the script exits non-zero, failing your pipeline immediately.
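The four steps above as one complete `.gitlab-ci.yml`, added here as an example rather than CodeAnt's own snippet: a merge request job that uses `--no-wait` and a default-branch job that waits for results with file filtering, both built from the flags in the tables. `CODEANT_CI_URL` is a placeholder for the CodeAnt CI endpoint, which this page does not give, and the alpine image with bash, curl and jq is an assumption about what the helper needs at runtime.

```yaml
# Added example, not CodeAnt's own snippet. CODEANT_CI_URL is a placeholder
# CI/CD variable for the CodeAnt CI endpoint; the runtime image and the
# bash/curl/jq packages are assumptions about what start_scan.sh needs.
stages:
  - codeant

.codeant_base:
  stage: codeant
  image: alpine:3.19
  before_script:
    # Download the helper and make it runnable (steps 1 and 2 above)
    - apk add --no-cache bash curl jq
    - curl -fsSL "${CODEANT_CI_URL}/start_scan.sh" -o start_scan.sh
    - chmod +x start_scan.sh

# Merge request pipelines: trigger only (--no-wait), about 2 minutes.
# $CI_PROJECT_PATH is already in the organization/repository format -r expects.
codeant_mr_scan:
  extends: .codeant_base
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - >
      ./start_scan.sh -a "$ACCESS_TOKEN" -r "$CI_PROJECT_PATH"
      -c "$CI_COMMIT_SHA" -s gitlab -b "$CI_COMMIT_REF_NAME" --no-wait

# Default branch: full security + SCA results, poll every 20 s for up to
# 10 minutes, scan only JavaScript sources and skip test directories.
# A non-2xx response makes the script exit non-zero and fails this job.
codeant_main_scan:
  extends: .codeant_base
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  script:
    - >
      ./start_scan.sh -a "$ACCESS_TOKEN" -r "$CI_PROJECT_PATH"
      -c "$CI_COMMIT_SHA" -s gitlab -b "$CI_COMMIT_BRANCH"
      -i "src/**/*.js" -e "**/test/**" -p 20 -t 600
```

A protected `ACCESS_TOKEN` is only exposed to pipelines on protected branches and tags, so the merge request job will not see it when the source branch is unprotected; give that job a separate, narrowly scoped repository token if you want MR scans there.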