Jenkins Pipeline Configuration

Below is a Declarative Pipeline example. It fetches the CodeAnt scan helper script and runs a security/quality scan on every build: 
pipeline {
  agent any

  environment {
    // Add your PAT or repo token as a Jenkins Secret Credential (kind: Secret text)
    // then reference it here by its credential ID, e.g. "codeant-token"
    ACCESS_TOKEN = credentials('codeant-token')

    // Your Git repo slug in “org/repo” format.
    // You can also infer from GIT_URL if you prefer.
    REPO_NAME = 'org/repo'
  }

  stages {
    stage('Checkout Code') {
      steps {
        checkout scm
      }
    }

    stage('Download & Run CodeAnt Scan') {
      steps {
        script {
          // 1. Fetch the scan helper
          sh '''
            echo "▶️ Downloading CodeAnt scan script…"
            curl -sS -X GET "https://api.codeant.ai/analysis/ci/scan/script/get" \
              -o start_scan.sh.b64
          '''

          // 2. Decode and make it executable
          sh '''
            base64 -d start_scan.sh.b64 > start_scan.sh
            chmod +x start_scan.sh
          '''

          // 3. Invoke the scan
          sh '''
            echo "🔍 Running CodeAnt CI scan for $REPO_NAME@$GIT_COMMIT…"
            bash start_scan.sh \
              -a "$ACCESS_TOKEN" \
              -r "$REPO_NAME" \
              -c "$GIT_COMMIT" \
              -b "$GIT_BRANCH" \
              -s "git_provider \
              -i "" \
              -e ""
          '''
        }
      }
    }
  }

  post {
    failure {
      echo '❌ CodeAnt scan failed — failing the build.'
    }
    success {
      echo '✅ CodeAnt scan completed successfully.'
    }
  }
}
Tip:
  • In Manage Jenkins → Credentials, add a Secret text credential containing your token, and reference its ID under credentials(...).
  • Jenkins automatically provides $GIT_COMMIT (the current commit SHA) when you use the Git plugin.
  • You can also set REPO_NAME = env.GIT_URL.split(‘/’)[-2..-1].join(‘/’) in a script {} block if you’d rather infer it dynamically.

How It Works

  1. Checkout Pulls the branch you configured for the job.
  2. Download script curl grabs start_scan.sh from the CodeAnt CI endpoint.
  3. Execute scan The helper posts your repo slug, commit SHA, include/exclude globs, and token to /analysis/ci/scan.
  4. Build result
    • On HTTP errors, the step fails (non-zero exit), marking the build as failed.
    • On success, you’ll see the JSON response in the console log for diagnostics.
With this pipeline, every Jenkins build will automatically trigger a CodeAnt analysis scan.