CodeAnt provides powerful Status Checks to help you ensure that secrets and high-severity security issues never make it into your production code. With these checks in place, any pull request (PR) containing sensitive data or serious vulnerabilities will fail automatically, preventing a merge until the issues are resolved.
A Status Check is a mechanism that runs automatically on your pull requests. It scans your code for:
Secrets: API tokens, passwords, private keys, or other sensitive information.
High-Severity Security Issues: Critical vulnerabilities flagged by the Static Application Security Testing (SAST) tool.
If CodeAnt detects any of these issues, it fails the check, which on most common Git hosting platforms (e.g., GitHub, GitLab, Bitbucket) prevents the PR from merging.
Why Use Status Checks?
Enhanced Security: Stop secrets from leaking into your repositories or production environment.
Compliance and Best Practices: Adhere to industry standards by automatically enforcing security checks.
Early Detection: Identify and fix issues before they get merged, saving time and reducing risk.
If a pull request contains:
A secret (e.g., an AWS key, a database password, or any other sensitive token), or
A high-severity SAST finding (e.g., SQL injection vulnerability, insecure API usage),
CodeAnt will fail the status check. Depending on your Git provider’s settings:
The merge button may be disabled.
A red “X” or failing badge will appear on your PR.
You and your team members will be notified that the pull request cannot merge until the issue is fixed.
Once you remove the secret or resolve the high-severity issue, CodeAnt will automatically re-check your PR. If no further issues are detected, the status check will pass, and you can proceed with merging safely.