Analyze your project's Code Quality

This example shows how to run Code Quality on your code by using GitLab CI/CD and Docker.

First, you need GitLab Runner with docker-in-docker executor.

Once you set up the Runner, add a new job to .gitlab-ci.yml, called code_quality:

code_quality:
  image: docker:stable
  variables:
    DOCKER_DRIVER: overlay2
  allow_failure: true
  services:
    - docker:stable-dind
  script:
    - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
    - docker run
        --env SOURCE_CODE="$PWD"
        --volume "$PWD":/code
        --volume /var/run/docker.sock:/var/run/docker.sock
        "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
  artifacts:
    paths: [gl-code-quality-report.json]

The above example will create a code_quality job in your CI/CD pipeline which will scan your source code for code quality issues. The report will be saved as an artifact that you can later download and analyze.

Tip: Starting with GitLab Starter 9.3, this information will be automatically extracted and shown right in the merge request widget. To do so, the CI/CD job must be named code_quality and the artifact path must be gl-code-quality-report.json. Learn more on Code Quality in merge requests.
Caution: Code Quality was previously using codeclimate and codequality for job name and codeclimate.json for the artifact name. While these old names are still maintained they have been deprecated with GitLab 11.0 and may be removed in next major release, GitLab 12.0. You are advised to update your current .gitlab-ci.yml configuration to reflect that change.