# Bitbucket Pipelines

> Set up CodeAnt Quality Gates in your Bitbucket CI Pipeline.

## Overview

This document shows how to use the CodeAnt Quality Gates pipe in your Bitbucket pipelines.

**Reference Repository**: [quality-gates-codeant](https://bitbucket.org/codeantworkspace/quality-gates-codeant/src/main/)

## Setup

### 1. Get Your Access Token

Bitbucket supports two token scopes — use whichever fits your setup:

| Token Type                  | Best For                 | Where to Create                                    |
| --------------------------- | ------------------------ | -------------------------------------------------- |
| **Repository Access Token** | Single repository        | Repository **Settings → Security → Access tokens** |
| **Workspace Access Token**  | All repos in a workspace | Workspace **Settings → Security → Access tokens**  |

**Repository Access Token** (repo-level):

1. Go to your repository **Settings**
2. Navigate to **Security > Access tokens**
3. Click **Create repository access token**
4. Select permissions:
   * **Repositories**: Read, Write
   * **Pull requests**: Read, Write
5. Copy the generated token

**Workspace Access Token** (workspace-level):

1. Go to your workspace **Settings**
2. Navigate to **Security > Access tokens**
3. Click **Create workspace access token**
4. Select the same permissions as above
5. Copy the generated token

<img src="https://mintcdn.com/codeantai/yGtXdRPWJV6-JMZc/images/setup/bitbucket/access_token_scopes.png?fit=max&auto=format&n=yGtXdRPWJV6-JMZc&q=85&s=8b618e65800400e47313d936aa1d784e" alt="Bitbucket access token scopes" width="2572" height="988" data-path="images/setup/bitbucket/access_token_scopes.png" />

> **Note:** Do **not** use an **Atlassian API Token** (generated at [id.atlassian.com](https://id.atlassian.com)) — that token authenticates with Jira Cloud, Confluence Cloud, and Jira Align only, and will **not** work with Bitbucket. See [Atlassian docs](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/). Use a **Bitbucket Repository Access Token** or **Workspace Access Token** instead.

### 2. Configure Repository Variables

Before using the pipe, configure these repository variables in **Repository Settings → Pipelines → Repository variables**:

* `BITBUCKET_ACCESS_TOKEN` - Your Bitbucket Repository Access Token (or Workspace Access Token) from step 1. Tick **Secured** when adding it so the value is masked in build logs.

Note: In the examples below, the pipe expects a pipeline variable named `ACCESS_TOKEN`, which is set from the repository variable, e.g. `ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN`. This mapping is required so the container receives the token at runtime.

## Basic Usage

### Example 1: Run Quality Gates on Every Push

```yaml
image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: CodeAnt Quality Gate Scan
        script:
          - pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
            variables:
              ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
```

### Example 2: Run Quality Gates on Pull Requests Only

```yaml
image: atlassian/default-image:3

pipelines:
  pull-requests:
    '**':
      - step:
          name: CodeAnt Quality Gate Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
                API_BASE: "https://api.codeant.ai"
                TIMEOUT: "300"
                POLL_INTERVAL: "15"
```

### Example 3: Run Quality Gates with Custom Configuration

```yaml
image: atlassian/default-image:3

pipelines:
  branches:
    main:
      - step:
          name: Build Application
          script:
            - echo "Building application..."
            - npm install
            - npm run build

      - step:
          name: CodeAnt Quality Gate Scan
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
                API_BASE: "https://api.codeant.ai"
                TIMEOUT: "600"
                POLL_INTERVAL: "20"
```

### Example 4: Multi-Stage Pipeline with Quality Gates

```yaml
image: atlassian/default-image:3

pipelines:
  branches:
    main:
      - parallel:
          - step:
              name: Run Tests
              script:
                - npm install
                - npm test

          - step:
              name: CodeAnt Quality Gate Scan
              script:
                - pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
                  variables:
                    ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN

      - step:
          name: Deploy to Production
          deployment: production
          script:
            - echo "Deploying to production..."
            - ./deploy.sh
```

### Example 5: Quality Gates with Debug Mode

```yaml
image: atlassian/default-image:3

pipelines:
  custom:
    debug-scan:
      - step:
          name: CodeAnt Quality Gate Scan (Debug)
          script:
            - pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
              variables:
                ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
                API_BASE: "https://api.codeant.ai"
                DEBUG: "true"
```

## Configuration Variables

| Variable                 | Required | Default                  | Description                                                                                                                                       |
| ------------------------ | -------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------- |
| `BITBUCKET_ACCESS_TOKEN` | Yes      | -                        | Bitbucket Repository Access Token for authentication (set as repository variable and pass as `ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN` in pipeline) |
| `API_BASE`               | No       | `https://api.codeant.ai` | Base URL for CodeAnt API                                                                                                                          |
| `TIMEOUT`                | No       | `300`                    | Maximum time in seconds to wait for results                                                                                                       |
| `POLL_INTERVAL`          | No       | `15`                     | Time in seconds between polling attempts                                                                                                          |
| `DEBUG`                  | No       | `false`                  | Enable debug mode for verbose logging                                                                                                             |
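
A preflight check for the variables in the table above, as an added example (not part of the CodeAnt pipe or its reference repository). The helper names, the https-only rule for `API_BASE`, and the requirement that `POLL_INTERVAL` be smaller than `TIMEOUT` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight_quality_gate and is_pos_int are hypothetical
# helpers, not part of the CodeAnt pipe. Defaults mirror the table above.

# Succeeds only if $1 is a positive decimal integer.
is_pos_int() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Usage: preflight_quality_gate TOKEN [API_BASE] [TIMEOUT] [POLL_INTERVAL]
# Writes one line per problem to stderr; exit status = number of problems.
preflight_quality_gate() {
    token=$1
    api_base=${2:-https://api.codeant.ai}
    timeout=${3:-300}
    poll=${4:-15}
    problems=0

    # Report only whether the token is present; never print its value.
    if [ -z "$token" ]; then
        echo "BITBUCKET_ACCESS_TOKEN is empty or not set" >&2
        problems=$((problems + 1))
    fi
    # Assumption: the endpoint must be https.
    case "$api_base" in
        https://?*) ;;
        *) echo "API_BASE must be an https:// URL: $api_base" >&2
           problems=$((problems + 1)) ;;
    esac
    if ! is_pos_int "$timeout"; then
        echo "TIMEOUT must be a positive integer (seconds)" >&2
        problems=$((problems + 1))
    fi
    if ! is_pos_int "$poll"; then
        echo "POLL_INTERVAL must be a positive integer (seconds)" >&2
        problems=$((problems + 1))
    elif is_pos_int "$timeout" && [ "$poll" -ge "$timeout" ]; then
        # Assumption: an interval >= the timeout leaves no room to poll.
        echo "POLL_INTERVAL must be smaller than TIMEOUT" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}

# In a pipeline script step, before the pipe:
#   preflight_quality_gate "$BITBUCKET_ACCESS_TOKEN" "$API_BASE" "$TIMEOUT" "$POLL_INTERVAL" || exit 1
```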

## How It Works

1. The pipe fetches the quality gates script from the CodeAnt API
2. It initiates a quality gate scan for your repository and commit
3. It polls for results until the scan completes or times out
4. If secrets or issues are detected, the pipeline fails
5. If the quality gate passes, the pipeline continues

### Execution Time Considerations

⏱️ **Performance Options:**

* **Default behavior (with result waiting)**: ~5-7 minutes
  * Triggers scan and waits for complete analysis results
  * Provides immediate feedback on secrets and security issues
  * Best for comprehensive CI/CD pipelines where you need instant validation

* **Custom timeout settings**: Adjust based on repository size
  * Use `TIMEOUT: "600"` (10 minutes) for larger repositories
  * Use `POLL_INTERVAL: "20"` to reduce API polling frequency
  * Results can also be viewed in the CodeAnt dashboard

**Tip:** For PR checks on larger repositories, increase the timeout so the pipeline does not fail prematurely while the scan is still completing.

## Quality Gate Checks

The quality gate performs comprehensive checks including:

### Security and Code Quality Checks

* **Secret Detection**: Scans for hardcoded secrets, API keys, passwords, and tokens
* **SAST (Static Application Security Testing)**: Detects security vulnerabilities in source code
* **SCA (Software Composition Analysis)**: Identifies vulnerabilities in third-party dependencies
* **IaC (Infrastructure as Code)**: Scans infrastructure configuration files for security issues
* **Duplicate Code Detection**: Identifies code duplication to improve maintainability

Across all of these checks, the quality gate:

* Analyzes only the changed lines since your merge base commit
* Uses high-confidence detection to minimize false positives
* Blocks the build if any issues are found

## Troubleshooting

### Pipeline Fails Immediately

**Issue**: Pipeline fails with "ACCESS_TOKEN is required but not set"

**Solution**: Ensure you've set `BITBUCKET_ACCESS_TOKEN` in your repository variables and that the pipe step maps it with `ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN`.

### Pipeline Times Out

**Issue**: Pipeline times out waiting for results

**Solution**: Increase the `TIMEOUT` variable:

```yaml
- pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
  variables:
    ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
    TIMEOUT: "600"  # 10 minutes
```

### Connection Issues

**Issue**: Cannot connect to CodeAnt API

**Solution**: Verify the `API_BASE` URL and check if you need to use a custom endpoint:

```yaml
- pipe: docker://public.ecr.aws/d2p9q4a9/quality-gates:latest
  variables:
    ACCESS_TOKEN: $BITBUCKET_ACCESS_TOKEN
    API_BASE: "https://api.codeant.ai"
```

## Support

* 📧 Email: [support@codeant.ai](mailto:support@codeant.ai)
* 📚 Documentation: [https://docs.codeant.ai](https://docs.codeant.ai)
* 🐛 Repository: [https://bitbucket.org/codeantworkspace/quality-gates-codeant/src/main/](https://bitbucket.org/codeantworkspace/quality-gates-codeant/src/main/)

## License

MIT License - see LICENSE file for details
