Static Code Analysis with Gitlab-CI

Bibliographic Details

Main author: Datko, Szymon Tomasz
Language: eng
Published: 2016
Subjects:
Online access: http://cds.cern.ch/record/2210418

Description
Summary: Static Code Analysis is a simple but efficient way to ensure that an application's source code is free from known flaws and security vulnerabilities. Although such analysis tools often come with more advanced code editors, many people prefer less complicated environments. The easiest solution would involve education, i.e. teaching where to get and how to use the aforementioned tools. However, counting on the manual usage of such tools still does not guarantee that they are actually used. On the other hand, reducing the required effort, according to the idea "set up once, use anytime without sweat", seems like a more promising approach. In this paper, an approach to automating code scanning within CERN's existing Gitlab installation is described. To realize that project, the Gitlab-CI service (the "CI" stands for "Continuous Integration"), with Docker assistance, was employed to provide a variety of static code analysers for different programming languages. This document covers the general system architecture and introduces its configuration and usage examples.