CI/CD Integration

Automate BrowserStack Code Quality analysis in your CI/CD pipelines to enforce quality gates on every build or pull request.

Integration Approaches

BrowserStack Code Quality supports two integration approaches:

Approach	Best For
Native Plugin	GitHub Actions — minimal setup, managed by the action
CLI (Remote Analysis)	Any CI/CD tool that supports shell commands — GitHub Actions, Azure DevOps, Jenkins, GitLab CI, CircleCI, Bitbucket Pipelines, and more

Option 1: Native GitHub Actions Plugin

Use the official embold/github-action-docker action for the simplest GitHub Actions setup. The action handles downloading the scanner, running the analysis, and reporting quality gate status automatically.

Full example: commonslang_githubaction.yml

name: BrowserStack Code Quality

on:
  push:
    branches: [ main ]
  workflow_dispatch:

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: BrowserStack Code Quality Scan
        id: embold-scan
        uses: embold/github-action-docker@v2.0.0
        with:
          emboldUrl: https://demo.embold.io/
          emboldToken: ${{ secrets.EMBOLD_TOKEN }}
          emboldRepoUid: ${{ vars.EMBOLD_REPO_UID }}
          repositoryConfigPath: repository-configuration.json
          downloadConfig: 'true'
          qualityGate: 'true'
          snapshotLabel: ${{ github.run_number }}

      - name: Fail Build on Quality Gate Failure
        if: steps.embold-scan.outputs.qualityGateStatus == 'FAILED'
        run: |
          echo "Quality gate failed!"
          exit 1

Plugin Parameters

Parameter	Description
emboldUrl	Your BrowserStack Code Quality server URL.
emboldToken	Access token from Settings > Access Tokens. Store as a GitHub secret.
emboldRepoUid	Repository UID for the target repository. Found in the repository URL or settings.
repositoryConfigPath	Path to repository-configuration.json in the checked-out repo.
downloadConfig	Set to 'true' to auto-download the config from the server.
qualityGate	Set to 'true' to wait for the quality gate result before the step completes.
snapshotLabel	A label for the published snapshot (e.g., build number, branch name).

Option 2: CLI Integration (Any CI/CD Tool)

The CLI approach works with any CI/CD tool that can run shell commands. It uses the browserstack-codequality-scanner binary directly.

The three-step pattern is always the same regardless of your CI/CD platform:

1. Download and unpack the scanner.
2. Run embold-scanner analyse with your configuration.
3. (Optional) Check the quality gate result to pass or fail the build.

GitHub Actions — CLI

Full example: commonslang.yml

name: BrowserStack Code Quality (CLI)

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'

      - name: Download BrowserStack CQ Scanner
        run: |
          curl https://v1.embold.io/nfs/CLI/browserstack-codequality-scanner.tar.gz \
            -o browserstack-codequality-scanner-archive.tar.gz
          tar xvf browserstack-codequality-scanner-archive.tar.gz

      - name: Run Code Quality Analysis
        continue-on-error: true
        env:
          EMBOLD_TOKEN: ${{ secrets.EMBOLD_TOKEN }}
        run: |
          ./browserstack-codequality-scanner/bin/embold-scanner analyse \
            -u https://demo.embold.io/ \
            -t $EMBOLD_TOKEN \
            -r ${{ vars.EMBOLD_REPO_UID }} \
            -c repository-configuration.json \
            -qg

The -qg flag causes the step to wait until the result is published on the server, then reports the quality gate outcome. The build will be marked failed if the gate is not met.

---

Azure DevOps — CLI

Full example: azure-pipelines.yml

Store EMBOLD_TOKEN, EMBOLD_URL, and EMBOLD_REPO_UID as Pipeline Variables (mark token as secret).

trigger:
  - main

pool:
  vmImage: ubuntu-latest

steps:
  - checkout: self

  - task: JavaToolInstaller@0
    inputs:
      versionSpec: '17'
      jdkArchitectureOption: 'x64'
      jdkSourceOption: 'PreInstalled'

  - script: |
      curl https://v1.embold.io/nfs/CLI/browserstack-codequality-scanner.tar.gz \
        -o browserstack-codequality-scanner-archive.tar.gz
      tar xvf browserstack-codequality-scanner-archive.tar.gz
    displayName: 'Download BrowserStack CQ Scanner'

  - script: |
      ./browserstack-codequality-scanner/bin/embold-scanner analyse \
        -u $(EMBOLD_URL) \
        -t $(EMBOLD_TOKEN) \
        -r $(EMBOLD_REPO_UID) \
        -c repository-configuration.json \
        -qg
    displayName: 'Run BrowserStack Code Quality Analysis'
    continueOnError: true

Jenkins — CLI

Store credentials using Jenkins Secret Text credentials: EMBOLD_TOKEN, EMBOLD_URL, EMBOLD_REPO_UID.

pipeline {
    agent { label 'linux' }

    environment {
        EMBOLD_TOKEN   = credentials('embold-token')
        EMBOLD_URL     = 'https://demo.embold.io/'
        EMBOLD_REPO_UID = 'YOUR_REPO_UID'
    }

    stages {
        stage('Checkout') {
            steps { checkout scm }
        }

        stage('Download Scanner') {
            steps {
                sh '''
                    curl https://v1.embold.io/nfs/CLI/browserstack-codequality-scanner.tar.gz \
                      -o browserstack-codequality-scanner-archive.tar.gz
                    tar xvf browserstack-codequality-scanner-archive.tar.gz
                '''
            }
        }

        stage('Code Quality Analysis') {
            steps {
                sh '''
                    ./browserstack-codequality-scanner/bin/embold-scanner analyse \
                      -u $EMBOLD_URL \
                      -t $EMBOLD_TOKEN \
                      -r $EMBOLD_REPO_UID \
                      -c repository-configuration.json \
                      -qg
                '''
            }
        }
    }
}

GitLab CI — CLI

Store EMBOLD_TOKEN, EMBOLD_URL, and EMBOLD_REPO_UID as CI/CD Variables in GitLab project settings.

code-quality:
  image: eclipse-temurin:17-jdk
  stage: test
  script:
    - curl https://v1.embold.io/nfs/CLI/browserstack-codequality-scanner.tar.gz
        -o browserstack-codequality-scanner-archive.tar.gz
    - tar xvf browserstack-codequality-scanner-archive.tar.gz
    - ./browserstack-codequality-scanner/bin/embold-scanner analyse
        -u $EMBOLD_URL
        -t $EMBOLD_TOKEN
        -r $EMBOLD_REPO_UID
        -c repository-configuration.json
        -qg
  allow_failure: true

Quality Gate Enforcement

Stop poor-quality code from reaching production by automating your "Go/No-Go" decisions within your pipeline. You can enforce your standards using the built-in scanner flag (recommended) or the Quality Gate API for custom workflows.

• The -qg Flag: Automatically fails the build by making the scanner wait for analysis results and exiting with a non-zero code if quality thresholds aren't met.
• REST API: Provides the flexibility to query the gate status independently, ideal for complex or decoupled orchestration.

To see the full configuration and code examples, see Quality Gate CI/CD Integration Guide

Secrets and Variables Reference

Regardless of your CI/CD platform, you need to configure these values securely:

Variable	Description	How to obtain
EMBOLD_TOKEN	API access token	Settings > Access Tokens in the UI
EMBOLD_URL	Server URL	Your BrowserStack Code Quality instance URL
EMBOLD_REPO_UID	Repository unique ID	Browser URL or repository settings page

Always store EMBOLD_TOKEN as an encrypted secret — never hardcode it in your pipeline file.

Performance Tuning in CI/CD

When using the CLI approach, code analysis runs on your CI/CD agent — memory and thread settings must be tuned on the agent, not the server. Add environment variables to your pipeline configuration:

# Increase heap size for larger repositories
export ANALYSER_XMX=-Xmx8g

# Match thread count to agent CPU cores for faster scans
export EMB_ANALYSER_THREADS=6
export EMB_PARSER_THREADS=4

Right-size these values for your codebase and agent spec:

• → Memory Settings Guide — heap size recommendations by repository size, with pipeline examples for GitHub Actions, Jenkins, and GitLab CI.
• → Multi-Threaded Execution — thread count recommendations by CPU core count, with pipeline examples.

Related Documentation

CI/CD Setup & Configuration

• CLI Scanner Reference - Complete command-line analysis guide
• ️ Repository Configuration - Scan settings and exclusions
• Memory Settings Guide - Performance tuning for CI agents
• Multi-Threaded Execution - Speed up CI/CD scans

Authentication & Security

• Access Tokens - Generate tokens for pipeline authentication
• User Roles & Permissions - RBAC for CI/CD integration
• SSO Integration - Enterprise authentication setup

Quality Governance

• ️ Quality Gates - Automated quality enforcement and CI/CD integration
• Rule Sets - Customize quality standards for pipelines
• Custom Rules - Organization-specific quality requirements

Platform-Specific Guides

• GitHub Actions - Native GitHub Actions plugin
• GitLab CI - GitLab CI/CD configuration
• DevOps Workflows - Complete development lifecycle integration

Analysis & Workflows

• Analysis Overview - Different scanning approaches
• Scans & Snapshots - Understanding CI/CD scan results
• Gated Commits - Prevent poor code from entering main branch
• Commit Workflows - Git-based quality workflows