Overview
This document shows how to use the CodeAnt Quality Gates pipe in your Bitbucket pipelines. Reference Repository: quality-gates-codeantSetup
1. Get Your Repository Access Token
- Go to your repository Settings
- Navigate to Security > Access tokens
- Click Create repository access token
- Select permissions:
- Repositories: Read, Write
- Pull requests: Read, Write
- Copy the generated token
2. Configure Repository Variables
Before using the pipe, configure these repository variables in Repository Settings → Pipelines → Repository variables:BITBUCKET_ACCESS_TOKEN- Your Bitbucket Repository Access Token
ACCESS_TOKEN which is set from the repository variable; e.g. ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN. This mapping is required so the container receives the token at runtime.
Basic Usage
Example 1: Run Quality Gates on Every Push
Example 2: Run Quality Gates on Pull Requests Only
Example 3: Run Quality Gates with Custom Configuration
Example 4: Multi-Stage Pipeline with Quality Gates
Example 5: Quality Gates with Debug Mode
Configuration Variables
| Variable | Required | Default | Description |
|---|---|---|---|
ACCESS_TOKEN (pipeline) / BITBUCKET_ACCESS_TOKEN (repository) | Yes | - | Bitbucket access token for authentication — set BITBUCKET_ACCESS_TOKEN in repository variables and pass it as ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN in the pipeline |
API_BASE | No | https://api.codeant.ai | Base URL for CodeAnt API |
TIMEOUT | No | 300 | Maximum time in seconds to wait for results |
POLL_INTERVAL | No | 15 | Time in seconds between polling attempts |
DEBUG | No | false | Enable debug mode for verbose logging |
How It Works
- The pipe fetches the quality gates script from the CodeAnt API
- It initiates a quality gate scan for your repository and commit
- It polls for results until the scan completes or times out
- If secrets or issues are detected, the pipeline fails
- If the quality gate passes, the pipeline continues
Execution Time Considerations
⏱️ Performance Options:-
Default behavior (with result waiting): ~5-7 minutes
- Triggers scan and waits for complete analysis results
- Provides immediate feedback on secrets and security issues
- Best for comprehensive CI/CD pipelines where you need instant validation
-
Custom timeout settings: Adjust based on repository size
- Use
TIMEOUT: "600"(10 minutes) for larger repositories - Use
POLL_INTERVAL: "20"to reduce API polling frequency - Results can also be viewed in the CodeAnt dashboard
- Use
Quality Gate Checks
The quality gate performs comprehensive checks including:Security and Code Quality Checks
- Secret Detection: Scans for hardcoded secrets, API keys, passwords, and tokens
- SAST (Static Application Security Testing): Detects security vulnerabilities in source code
- SCA (Software Composition Analysis): Identifies vulnerabilities in third-party dependencies
- IaC (Infrastructure as Code): Scans infrastructure configuration files for security issues
- Duplicate Code Detection: Identifies code duplication to improve maintainability
- Analyzes only the changed lines since your merge base commit
- Uses high-confidence detection to minimize false positives
- Blocks the build if any issues are found
Troubleshooting
Pipeline Fails Immediately
Issue: Pipeline fails with “ACCESS_TOKEN is required but not set” Solution: Ensure you’ve setBITBUCKET_ACCESS_TOKEN in your repository variables.
Pipeline Times Out
Issue: Pipeline times out waiting for results Solution: Increase theTIMEOUT variable:
Connection Issues
Issue: Cannot connect to CodeAnt API Solution: Verify theAPI_BASE URL and check if you need to use a custom endpoint:
Support
- 📧 Email: [email protected]
- 📚 Documentation: https://docs.codeant.ai
- 🐛 Repository: https://bitbucket.org/codeantworkspace/quality-gates-codeant/src/main/