CodeAnt provides powerful Status Checks to help you ensure that secrets and high-severity security issues never make it into your production code. With these checks in place, any pull request (PR) containing sensitive data or serious vulnerabilities will fail automatically, preventing a merge until the issues are resolved.


What Are Status Checks?

A Status Check is a mechanism that runs automatically on your pull requests. It scans your code for:

  1. Secrets: API tokens, passwords, private keys, or other sensitive information.
  2. High-Severity Security Issues: findings that the Static Application Security Testing (SAST) scanner rates as high severity.

If CodeAnt detects any of these issues, it fails the check. On the common Git hosting platforms (GitHub, GitLab, Bitbucket) a failing status check blocks the PR from merging when the branch's protection rules require that check to pass.

Why Use Status Checks?

  • Enhanced Security: Stop secrets from leaking into your repositories or production environment.
  • Compliance and Best Practices: Adhere to industry standards by automatically enforcing security checks.
  • Early Detection: Identify and fix issues before they get merged, saving time and reducing risk.

How to Enable?

  1. Log into CodeAnt
    Go to app.codeant.ai and sign in with your account.

  2. Navigate to Settings
    Click on the Settings tab in the top navigation bar.

  3. Pull Request Configuration
    In the sidebar, select Pull Request Configuration.

  4. Enable the Checks
    • Under Secrets Status Check, toggle the switch to Enable.
    • Under SAST Status Check, toggle the switch to Enable.

  5. Save Your Changes
    That’s it! CodeAnt will now run the configured checks each time you create or update a pull request.


What Happens When a Check Fails?

If a pull request contains:

  • A secret (e.g., an AWS key, a database password, or any other sensitive token), or
  • A high-severity SAST finding (e.g., SQL injection vulnerability, insecure API usage),

CodeAnt will fail the status check. What that means for the PR depends on your Git provider’s settings:

  • If your branch protection (or equivalent merge rules) requires the CodeAnt check to pass, the merge button is disabled until it does.
  • If the check is not required, a red “X” or failing badge still appears on the PR, but the platform will let the PR merge; make the check required on your protected branches if you want it to block.
  • You and your team members see the failing status on the pull request and can open the finding to see what needs to be fixed.

Once you push a change that removes the secret or resolves the high-severity issue, CodeAnt automatically re-checks the PR. If no further issues are detected, the status check passes and you can merge. Note that a secret which was pushed to the remote, even on a branch that never merged, has already left your control: rotate it as well as removing it from the code, because a green check means the credential is no longer in the PR, not that it was never exposed.
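As an added example, not CodeAnt’s own scanner (this page does not describe CodeAnt’s detection rules or internals), the script below models what a secrets status check does at the PR boundary: it parses a unified diff, scans only the lines the PR adds, and reports “failure” or “success” the way a status check would. The two sample diffs, the file path app/config.py and the three detection rules are constructed for illustration; the AWS key ID in the first diff is AWS’s documented placeholder, not a live credential. The second diff is the same PR after the developer moves the values into environment variables, which is the re-check that turns the status green.

```python
"""Model of a secrets status check run over the lines a pull request adds.

Added example for this page; it is not CodeAnt's scanner. The rules, file
path and diff contents below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Illustrative detection rules. A production scanner carries many more and
# usually adds entropy scoring for tokens that have no fixed shape.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key": re.compile(
        r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "password-literal": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line_no: int   # line number in the new version of the file
    excerpt: str


def added_lines(diff: str) -> Iterator[Tuple[str, int, str]]:
    """Yield (path, new_line_no, text) for every line a unified diff adds.

    Only '+' lines are yielded: a status check judges what the PR introduces,
    so context and removed lines are counted for numbering but not scanned.
    """
    path, new_no = "", 0
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            m = re.search(r"\+(\d+)", raw)       # start line on the new side
            new_no = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+"):
            new_no += 1
            yield path, new_no, raw[1:]
        elif raw.startswith(("-", "diff ", "index ", "\\ ")):
            continue   # '---' header, removed line, or diff metadata
        else:
            new_no += 1   # unchanged context line


def scan_diff(diff: str) -> List[Finding]:
    """Apply every rule to every added line and collect the hits."""
    findings = []
    for path, no, text in added_lines(diff):
        for name, pattern in RULES.items():
            if pattern.search(text):
                findings.append(Finding(name, path, no, text.strip()))
    return findings


def status_check(diff: str) -> Tuple[str, List[Finding]]:
    """Return ("failure", findings) if any secret was added, else ("success", [])."""
    findings = scan_diff(diff)
    return ("failure" if findings else "success"), findings


# Constructed PR diff: a developer hardcodes credentials. The key ID is AWS's
# documented example value, not a real key.
PR_WITH_SECRET = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
 
-REGION = "us-east-1"
+REGION = "us-west-2"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "correct-horse-battery"
"""

# The same constructed PR after the fix push: values now come from the environment.
PR_FIXED = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
 import os
 
-REGION = "us-east-1"
+REGION = "us-west-2"
+AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+DB_PASSWORD = os.environ["DB_PASSWORD"]
"""

if __name__ == "__main__":
    for label, diff in (("PR as opened", PR_WITH_SECRET), ("PR after fix", PR_FIXED)):
        state, found = status_check(diff)
        print(f"{label}: {state}")
        for f in found:
            print(f"  {f.rule} at {f.path}:{f.line_no}: {f.excerpt}")
```

Scanning only the added lines is deliberate: a PR that deletes a hardcoded key should pass the check, which is exactly why passing is not the same as the key never having been exposed. In a real pipeline the "failure" result is what gets reported back to the Git provider as the status, and the findings are what the developer sees when they open it.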