Set up CodeAnt Quality Gates in your Bitbucket CI Pipeline.
bitbucket-pipelines.yml
. It will trigger on every push to your repository and run quality gate checks to detect secrets and other security issues:
Important:
- Define an
ACCESS_TOKEN
secured Repository variable with a personal access token or repo token (Settings -> Repository settings -> Repository variables).- Bitbucket Pipelines automatically provides
BITBUCKET_REPO_FULL_NAME
(e.g.org/repo
) andBITBUCKET_COMMIT
(current SHA).
quality_gates.sh
) from the CodeAnt API endpoint.
-o start
operation.
-o results
operation with:
quality_gates.sh
script accepts the following parameters:
Parameter | Description | Required | Example |
---|---|---|---|
-a, --access-token | Bitbucket Personal Access Token or repo token | Yes | ${ACCESS_TOKEN} |
-r, --repo | Repository in format workspace/repository | Yes | ${BITBUCKET_REPO_FULL_NAME} |
-c, --commit-id | Commit SHA to scan | Yes | ${BITBUCKET_COMMIT} |
-s, --service | VCS provider | Yes | bitbucket |
-o, --operation | Operation to perform (start or results ) | Yes | start or results |
-t, --timeout | Timeout in seconds for polling (default: 300) | No | 300 |
-p, --poll-interval | Poll interval in seconds (default: 15) | No | 15 |
-u, --base-url | Base URL for VCS service (optional) | No | https://bitbucket.org |
ACCESS_TOKEN
as secured in Repository Variables-t 600
(10 minutes)ACCESS_TOKEN
variable is correctly configured in Repository settingsset -e
at the beginning of your script to fail on any errorVariable | Description | Example |
---|---|---|
BITBUCKET_REPO_FULL_NAME | Full repository name | workspace/repository |
BITBUCKET_COMMIT | Current commit SHA | abc123def456 |
BITBUCKET_BRANCH | Current branch name | main |
BITBUCKET_PR_ID | Pull request ID (if applicable) | 123 |