
CodeAnt Quality Gate Scan Action

This GitHub Action runs the CodeAnt CI quality gate scan, with secret detection and code quality analysis, on your repository. It integrates with your CI/CD pipeline to provide automated scanning and fails your workflow if secrets are detected or a quality gate fails, so the failing commit cannot be merged or deployed. You can find this action on the GitHub Marketplace.

Features

  • 🔒 Secret detection and security scanning
  • 📊 Code quality gate enforcement
  • 🚀 Fast and efficient scanning
  • 🔄 Seamless CI/CD integration
  • 📈 Detailed reports and insights
  • ⏱️ Configurable polling and timeout
  • ✅ Pass/Fail workflow status based on scan results

Inputs

Name           Description                                                              Required  Default
access_token   CodeAnt API token (cdt_…) used to authenticate the scan — see API Tokens  Yes       -
api_base       Base URL for the CodeAnt API                                             No        https://api.codeant.ai
timeout        Maximum time in seconds to wait for results                              No        300
poll_interval  Time in seconds between polling attempts                                 No        15

Setup

1. Create a CodeAnt Token

In CodeAnt AI, go to Settings → API tokens, click Create token, and copy the generated token (it starts with cdt_ and is shown only once). See API Tokens for the full walkthrough. This single token authenticates the scan — you don’t need a GitHub personal access token.

2. Add Token to GitHub Secrets

  • Go to your repository’s Settings
  • Navigate to Secrets and variables → Actions
  • Click “New repository secret”
  • Name: CODEANT_TOKEN
  • Value: Paste your CodeAnt token (cdt_…)
  • Click “Add secret”

Usage

Basic Example

name: CODEANT QUALITY GATE SCAN

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Run CodeAnt Scan
        uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
        with:
          access_token: ${{ secrets.CODEANT_TOKEN }}

With Custom Configuration

- name: Run CodeAnt Quality Gate Scan
  uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
  with:
    access_token: ${{ secrets.CODEANT_TOKEN }}
    api_base: https://api.codeant.ai
    timeout: 600           # Wait up to 10 minutes for results
    poll_interval: 20      # Poll every 20 seconds

Complete Workflow Example

name: CodeAnt Quality Gate

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  quality-gate:
    name: Quality Gate Scan
    runs-on: ubuntu-latest
    steps:
      - name: Run CodeAnt Quality Gate Scan
        uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
        with:
          access_token: ${{ secrets.CODEANT_TOKEN }}
          api_base: https://api.codeant.ai
          timeout: 300
          poll_interval: 15

How It Works

  1. Checkout: Checks out your repository code (the action does this itself, which is why the examples above have no separate actions/checkout step)
  2. Fetch Script: Downloads the quality gates scanning script from the CodeAnt API at api_base. The script runs on your runner with access to your token, so only ever point api_base at a CodeAnt server you trust
  3. Start Scan: Initiates the quality gate scan on CodeAnt servers
  4. Poll Results: Continuously polls for scan results until completion or timeout
  5. Report Status: Reports pass/fail status with GitHub annotations
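The poll-until-done step (items 4 and 5 above) is where most of the failure modes live: a result that never arrives, a transport error, a state the client does not understand. The example below is added here to show that loop written defensively; it is not the action's own script, and the job state names ("queued", "running", "passed", "failed"), the fetch callable and the exit-code mapping are assumptions, since the page does not document the CodeAnt API protocol. The fake clock lets the loop run offline.

```python
"""Poll a remote scan until it passes, fails, errors, or the deadline passes."""
import time
from dataclasses import dataclass
from typing import Callable, Iterable

# Assumed job states; the page names none, only "completion or timeout".
IN_PROGRESS = {"queued", "running"}
TERMINAL = {"passed", "failed"}


@dataclass
class Outcome:
    status: str     # "passed", "failed", "timeout" or "error"
    polls: int      # how many status requests were made
    elapsed: float  # seconds between the first request and the verdict
    detail: str


def poll_scan(fetch_status: Callable[[], str], *, timeout: float,
              poll_interval: float,
              clock: Callable[[], float] = time.monotonic,
              sleep: Callable[[float], None] = time.sleep) -> Outcome:
    """Ask fetch_status() every poll_interval seconds until a terminal state.

    A transport error or an unknown state is reported as "error" instead of
    being retried forever, and the deadline is checked before every sleep so
    the loop never waits past the configured timeout.
    """
    start = clock()
    polls = 0
    while True:
        polls += 1
        try:
            status = fetch_status()
        except Exception as exc:  # network failure, rejected token, 5xx ...
            return Outcome("error", polls, clock() - start, f"scan error: {exc}")
        if status in TERMINAL:
            return Outcome(status, polls, clock() - start, f"scan {status}")
        if status not in IN_PROGRESS:
            return Outcome("error", polls, clock() - start,
                           f"unexpected state {status!r}")
        elapsed = clock() - start
        if elapsed >= timeout:
            return Outcome("timeout", polls, elapsed,
                           f"no result after {timeout:.0f}s")
        sleep(min(poll_interval, timeout - elapsed))


def exit_code(outcome: Outcome) -> int:
    """Only a clean pass lets the job continue; a failed gate, a scan error
    and a timeout all fail it, matching the page's pass/fail rule."""
    return 0 if outcome.status == "passed" else 1


def github_annotation(outcome: Outcome) -> str:
    """Workflow command that surfaces the verdict in the Actions UI."""
    level = "notice" if outcome.status == "passed" else "error"
    return f"::{level}::Quality Gate {outcome.status.upper()} - {outcome.detail}"


# Deterministic stand-ins so the loop can be exercised offline.
class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def sleep(self, seconds: float) -> None:
        self.now += seconds


def scripted(statuses: Iterable[str]) -> Callable[[], str]:
    """Fetcher that replays the given states, then repeats the last one."""
    seq = list(statuses)
    it = iter(seq)
    return lambda: next(it, seq[-1])


def failing(message: str) -> Callable[[], str]:
    """Fetcher that always raises, e.g. a rejected token."""
    def fetch() -> str:
        raise ConnectionError(message)
    return fetch


def run_scripted(statuses, *, timeout, poll_interval) -> Outcome:
    clk = FakeClock()
    return poll_scan(scripted(statuses), timeout=timeout,
                     poll_interval=poll_interval,
                     clock=lambda: clk.now, sleep=clk.sleep)


if __name__ == "__main__":
    for states in (["queued", "running", "passed"], ["running"]):
        out = run_scripted(states, timeout=60, poll_interval=15)
        print(github_annotation(out), "-> exit", exit_code(out))
```

The `::notice::` and `::error::` lines are ordinary GitHub workflow commands, which is how the "GitHub annotations" in step 5 reach the Checks tab. Because the sleep is clamped to the time remaining, raising `timeout` never makes the job overrun by a full `poll_interval`.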

Expected Output

When Quality Gate Passes:

✅ Quality Gate PASSED - No secrets detected

The workflow continues successfully.

When Quality Gate Fails:

❌ Quality Gate FAILED - Secrets detected or scan error

The workflow fails, preventing merge/deployment.

Quality Gate Checks

Currently, the quality gate performs the following checks:

Security and Code Quality Checks

  • Secret Detection: Scans for hardcoded secrets, API keys, passwords, and tokens
  • SAST (Static Application Security Testing): Detects security vulnerabilities in source code
  • SCA (Software Composition Analysis): Identifies known vulnerabilities in third-party dependencies
  • IaC (Infrastructure as Code): Scans infrastructure configuration files for security misconfigurations
  • Duplicate Code Detection: Identifies code duplication to improve maintainability

All checks share the same scan behaviour:

  • Only the lines changed since the merge base commit (the common ancestor of your branch and the target branch) are analyzed, so pre-existing issues elsewhere in the repository do not fail the gate
  • High-confidence detection rules are used to minimize false positives
  • The build is blocked if any issue is found
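To make the two behaviours above concrete (scanning only added lines, and preferring high-confidence rules), here is an added example of a diff-scoped secret scanner. It is not CodeAnt's scanner and does not reflect its rules: the AWS and GitHub token formats are the publicly documented prefixes, the CodeAnt rule uses only the `cdt_` prefix the page mentions (its minimum length is an assumption), and the entropy threshold for generic `password = ...` assignments is an assumed tuning value. The sample diff is constructed for the example; the AWS key in it is the placeholder key from AWS's own documentation.

```python
"""Scan only the added lines of a unified diff for high-confidence secrets."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Fixed-prefix token formats that are rarely anything but a real credential
# (AWS access key IDs, GitHub classic PATs, PEM private keys). The CodeAnt
# rule uses the documented "cdt_" prefix; its minimum length is an assumption.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "codeant_token": re.compile(r"\bcdt_[A-Za-z0-9_-]{20,}"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic "credential = value" assignment, reported only when the value's
# Shannon entropy is high enough to look like key material (threshold assumed).
GENERIC_RE = re.compile(
    r"(?i)(?:api[_-]?key|secret|password|passwd|token)\w*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9+/=_-]{16,})"
)
ENTROPY_FLOOR = 3.5
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int      # line number in the new version of the file
    rule: str
    redacted: str  # first four characters kept, the rest masked


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def added_lines(diff_text: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (path, new_line_no, content) for every '+' line of a unified diff.

    Removed ('-') and context lines are skipped: they are not changed lines,
    so a secret that was already present or is being deleted is not reported.
    """
    path, new_ln = "", None
    for line in diff_text.splitlines():
        if line.startswith("diff "):
            new_ln = None                      # next file header
        elif line.startswith("+++ "):
            p = line[4:]
            path = p[2:] if p.startswith("b/") else p
        elif line.startswith("--- ") and new_ln is None:
            pass                               # old-file header
        elif (m := HUNK_RE.match(line)):
            new_ln = int(m.group(1))           # first new-file line of the hunk
        elif new_ln is None or line.startswith("\\"):
            pass                               # outside a hunk / "\ No newline"
        elif line.startswith("+"):
            yield path, new_ln, line[1:]
            new_ln += 1
        elif not line.startswith("-"):
            new_ln += 1                        # context line advances new file


def redact(value: str) -> str:
    return value[:4] + "*" * (len(value) - 4)


def scan_diff(diff_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for path, ln, content in added_lines(diff_text):
        hit = False
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(content):
                findings.append(Finding(path, ln, rule, redact(m.group(0))))
                hit = True
        if hit:
            continue                           # don't double-report the line
        for m in GENERIC_RE.finditer(content):
            value = m.group(1)
            if shannon_entropy(value) >= ENTROPY_FLOOR:
                findings.append(Finding(path, ln, "generic_high_entropy", redact(value)))
    return findings


# Constructed sample diff, not real repository data. The AWS key is the example
# key from AWS's own documentation; every other value is made up.
SAMPLE_DIFF = "\n".join([
    "diff --git a/config.py b/config.py",
    "--- a/config.py",
    "+++ b/config.py",
    "@@ -1,3 +1,6 @@",
    " import os",
    '-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"',             # removed line: not scanned
    '+AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]',    # the fix: clean
    '+DB_PASSWORD = "x7Gq9zL2pW4mN8kR1tV5"',         # high entropy: reported
    '+CODEANT = "cdt_0123456789abcdefghijklmnop"',   # known prefix: reported
    '+SESSION_TOKEN = "aaaaaaaaaaaaaaaaaaaa"',       # low entropy: ignored
    " # " + "ghp_" + "0" * 36 + " in context: not scanned",
    "diff --git a/deploy.sh b/deploy.sh",
    "--- a/deploy.sh",
    "+++ b/deploy.sh",
    "@@ -10,2 +10,3 @@",
    " set -euo pipefail",
    "+export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",   # reported
    " ./run.sh",
])

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line}: {f.rule} {f.redacted}")
```

Two design points carry over to any scanner wired into a gate like this one: findings are keyed to new-file line numbers taken from the hunk headers, which is what an annotation needs, and matched values are redacted before they are logged, so the CI log itself does not become the next leak. Feed it `git diff <merge-base>...HEAD` to reproduce the "changed lines since the merge base" scope.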

Best Practices

  1. Run on all branches: Quality gates should run on every push to catch issues early
  2. Block merges: Configure branch protection rules to require the quality gate check before merging
  3. Review failures: When quality gates fail, review the detected issues immediately
  4. Keep tokens secure: Never commit access tokens directly - always use GitHub Secrets, and revoke and re-create the token in CodeAnt if it is ever exposed
  5. Pin the action: Reference a released tag as in the examples, or stricter still a full commit SHA, so that a moved tag cannot change the code that runs with access to your token

Troubleshooting

Quality gate times out

If the scan takes longer than expected:
  • Increase the timeout using timeout: 600 (10 minutes)
  • Check if the CodeAnt service is operational

Authentication failures

If you see “Access token invalid”:
  • Verify your CODEANT_TOKEN secret holds a valid CodeAnt token (cdt_…) that hasn’t been revoked
  • Ensure the token belongs to the same organization as the repository
  • Remember that workflows triggered by pull_request from a forked repository do not receive repository secrets, so secrets.CODEANT_TOKEN is empty in those runs; scan fork PRs with a different trigger or restrict the job to same-repository pull requests

No results returned

If the scan completes but returns no results:
  • Check that quality gates are enabled for your repository in CodeAnt
  • Verify that the commit SHA reported in the action log is the commit you expected to scan (on pull_request events the workflow runs against the PR merge commit, not the branch head)

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

For issues, questions, or contributions, please visit the GitHub repository.