Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt

Use this file to discover all available pages before exploring further.

CodeAnt Quality Gate Scan Action

This GitHub Action runs CodeAnt CI quality gate scan with secret detection and code quality analysis on your repository. It integrates seamlessly with your CI/CD pipeline to provide automated scanning and will fail your workflow if secrets are detected or quality gates fail. You can find this action on the GitHub Marketplace.

Features

  • 🔒 Secret detection and security scanning
  • 📊 Code quality gate enforcement
  • 🚀 Fast and efficient scanning
  • 🔄 Seamless CI/CD integration
  • 📈 Detailed reports and insights
  • ⏱️ Configurable polling and timeout
  • ✅ Pass/Fail workflow status based on scan results

Inputs

NameDescriptionRequiredDefault
access_tokenGitHub Personal Access Token (PAT) or repository token for authenticationYes-
api_baseBase URL for CodeAnt APINohttps://api.codeant.ai
timeoutMaximum time in seconds to wait for resultsNo300
poll_intervalTime in seconds between polling attemptsNo15

Setup

1. Get Your GitHub Access Token

  • Log in to your GitHub account
  • Go to Settings > Developer settings > Personal access tokens > Tokens (classic)
  • Click Generate new token (classic)
  • Select the repo scope
  • Generate and copy the token

2. Add Token to GitHub Secrets

  • Go to your repository’s Settings
  • Navigate to Secrets and variables → Actions
  • Click “New repository secret”
  • Name: ACCESS_TOKEN_GITHUB
  • Value: Paste your GitHub access token
  • Click “Add secret”

Usage

Basic Example

name: CODEANT QUALITY GATE SCAN

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Run CodeAnt Scan
        uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}

With Custom Configuration

- name: Run CodeAnt Quality Gate Scan
  uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
  with:
    access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
    api_base: https://api.codeant.ai
    timeout: 600           # Wait up to 10 minutes for results
    poll_interval: 20      # Poll every 20 seconds

Complete Workflow Example

name: CodeAnt Quality Gate

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  quality-gate:
    name: Quality Gate Scan
    runs-on: ubuntu-latest
    steps:
      - name: Run CodeAnt Quality Gate Scan
        uses: CodeAnt-AI/codeant-quality-gates@v0.0.5
        with:
          access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
          api_base: https://api.codeant.ai
          timeout: 300
          poll_interval: 15

How It Works

  1. Checkout: Checks out your repository code
  2. Fetch Script: Downloads the quality gates scanning script from CodeAnt API
  3. Start Scan: Initiates the quality gate scan on CodeAnt servers
  4. Poll Results: Continuously polls for scan results until completion or timeout
  5. Report Status: Reports pass/fail status with GitHub annotations

Expected Output

When Quality Gate Passes:
✅ Quality Gate PASSED - No secrets detected
The workflow continues successfully. When Quality Gate Fails:
❌ Quality Gate FAILED - Secrets detected or scan error
The workflow fails, preventing merge/deployment.

Required Permissions

The access_token requires the following permissions:
  • repo - Full control of private repositories (for reading code)
  • contents: read - Read access to repository contents

Quality Gate Checks

Currently, the quality gate performs the following checks:

Security and Code Quality Checks

  • Secret Detection: Scans for hardcoded secrets, API keys, passwords, and tokens
  • SAST (Static Application Security Testing): Detects security vulnerabilities in source code
  • SCA (Software Composition Analysis): Identifies vulnerabilities in third-party dependencies
  • IaC (Infrastructure as Code): Scans infrastructure configuration files for security issues
  • Duplicate Code Detection: Identifies code duplication to improve maintainability
  • Analyzes only the changed lines since your merge base commit
  • Uses high-confidence detection to minimize false positives
  • Blocks the build if any issues are found

Best Practices

  1. Run on all branches: Quality gates should run on every push to catch issues early
  2. Block merges: Configure branch protection rules to require quality gate checks before merging
  3. Review failures: When quality gates fail, review the detected issues immediately
  4. Keep tokens secure: Never commit access tokens directly - always use GitHub Secrets

Troubleshooting

Quality gate times out

If the scan takes longer than expected:
  • Increase the timeout using timeout: 600 (10 minutes)
  • Check if the CodeAnt service is operational

Authentication failures

If you see “Access token invalid”:
  • Verify your access_token is correctly configured in GitHub Secrets
  • Ensure the token has appropriate repository permissions

No results returned

If the scan completes but returns no results:
  • Check that quality gates are enabled for your repository in CodeAnt
  • Verify the commit SHA is correct

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

For issues, questions, or contributions, please visit the GitHub repository.