Repository X-Ray
- Introduced in GitLab 16.7.
Repository X-Ray enhances GitLab Duo Code Suggestions by providing additional context to improve the accuracy and relevance of code recommendations.
Repository X-Ray gives the code assistant more insight into the project’s codebase and dependencies to generate better code suggestions. It does this by analyzing key project configuration files such as Gemfile.lock, package.json, and go.mod to build additional context.
By understanding the frameworks, libraries and other dependencies in use, Repository X-Ray helps the code assistant tailor suggestions to match the coding patterns, styles and technologies used in the project. This results in code recommendations that integrate more seamlessly and follow best practices for that stack.
Supported languages and package managers
| Language | Package Manager | Configuration File |
|---|---|---|
| Go | Go Modules | go.mod
|
| JavaScript | NPM, Yarn | package.json
|
| Ruby | RubyGems | Gemfile.lock
|
| Python | Poetry | pyproject.toml
|
| Python | Pip | requirements.txt
|
| Python | Conda | environment.yml
|
| PHP | Composer | composer.json
|
| Java | Maven | pom.xml
|
| Java | Gradle | build.gradle
|
| Kotlin | Gradle | build.gradle.kts
|
| C# | NuGet | *.csproj
|
| C/C++ | Conan | conanfile.txt
|
| C/C++ | Conan | conanfile.py
|
| C/C++ | vcpkg | vcpkg.json
|
Enable Repository X-Ray
Prerequisites:
- You must have access to GitLab Duo Code Suggestions in the project.
- GitLab Runner must be set up and enabled for the project, because Repository X-Ray runs analysis pipelines using GitLab runners.
To enable Repository X-Ray, add the following definition job to the project’s .gitlab-ci.yml.
xray:
stage: build
image: registry.gitlab.com/gitlab-org/code-creation/repository-x-ray:latest
allow_failure: true
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
variables:
OUTPUT_DIR: reports
script:
- x-ray-scan -p "$CI_PROJECT_DIR" -o "$OUTPUT_DIR"
artifacts:
reports:
repository_xray: "$OUTPUT_DIR/*/*.json"
- The
$OUTPUT_DIRenvironment variable defines the:- Output directory for reports.
- Path that artifacts are uploaded from.
- The added rules restrict the job to the default branch only. Restricting the job this way ensures development changes do not impact the baseline X-Ray data used for production code suggestions.
After the initial x-ray job completes and uploads the repository analysis reports, no further action is required. Repository X-Ray automatically enriches all code generation requests from that point forward.
The X-Ray data for your project updates each time a CI/CD pipeline containing the xray
job is run. To learn more about pipeline configuration and triggers, see the
pipelines documentation.
Troubleshooting
401: Unauthorized when running Repository X-Ray
When running Repository X-Ray, you might get an error that states 401: Unauthorized.
A Duo Pro add-on is linked to a group when you buy that add-on. To solve the error, ensure that your current project is part of a group with the Duo Pro add-on.
This link can be either of the following:
- Direct, that is, the project is in a group that has the Duo Pro add-on.
- Indirect, for example, the parent group of the current project’s group has the Duo Pro add-on.