[CRAVEX] Generic CI/CD integration (#1944)

tdruez · web-flow · commit 37172d552e09 · 2025-10-30T18:59:17.000+04:00
Signed-off-by: tdruez &lt;tdruez@aboutcode.org&gt;
diff --git a/docs/automation.rst b/docs/automation.rst
@@ -3,11 +3,131 @@
 Automation
 ==========
 
-To **automate ScanCode.io scans and schedule** them for regular execution or in
-response to **specific events**, such as commits or releases, you can explore
-various available options:
+**Automate ScanCode.io scans** by integrating them into your CI/CD pipelines or
+scheduling them to run on specific events such as commits, pull requests, or releases.
 
-1. Utilize an external ScanCode.io server (REST API)
+CI/CD Integrations
+------------------
+
+Seamlessly integrate ScanCode.io into your development workflow to automatically scan
+code for licenses, vulnerabilities, and compliance issues.
+
+GitHub Actions
+^^^^^^^^^^^^^^
+
+Use the official `scancode-action <https://github.com/aboutcode-org/scancode-action>`_
+to integrate ScanCode.io into your GitHub workflows.
+
+**Features:**
+
+- Run ScanCode.io pipelines automatically
+- Check for compliance issues and policy violations
+- Detect security vulnerabilities
+- Generate SBOMs in multiple formats (SPDX, CycloneDX)
+- Export results in JSON and XLSX formats
+
+**Example usage:**
+
+.. code-block:: yaml
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: scancode-inputs
+      - uses: aboutcode-org/scancode-action@main
+        with:
+          pipelines: "scan_codebase"
+          output-formats: "json xlsx spdx cyclonedx"
+
+
+**Documentation:**
+https://github.com/aboutcode-org/scancode-action
+
+Jenkins
+^^^^^^^
+
+Integrate ScanCode.io into your Jenkins pipelines with a simple Jenkinsfile.
+
+**Quick example:**
+
+.. code-block:: groovy
+
+    pipeline {
+        agent any
+
+        stages {
+            stage('Scan') {
+                steps {
+                    sh '''
+                        docker run --rm \
+                          -v "${WORKSPACE}":/codedrop \
+                          ghcr.io/aboutcode-org/scancode.io:latest \
+                          run scan_codebase /codedrop \
+                          > scancode_results.json
+                    '''
+                    archiveArtifacts 'scancode_results.json'
+                }
+            }
+        }
+    }
+
+**Full documentation:**
+https://github.com/aboutcode-org/scancode-action/blob/main/jenkins/README.md
+
+GitLab
+^^^^^^
+
+Run ScanCode.io scans in your GitLab pipelines.
+
+**Full documentation:**
+https://github.com/aboutcode-org/scancode-action/blob/main/gitlab/README.md
+
+Azure Pipelines
+^^^^^^^^^^^^^^^
+
+Run ScanCode.io scans in Azure DevOps pipelines.
+
+**Full documentation:**
+https://github.com/aboutcode-org/scancode-action/blob/main/azure-pipelines/README.md
+
+Other CI/CD Systems
+^^^^^^^^^^^^^^^^^^^
+
+ScanCode.io can be integrated into **any CI/CD system** that supports Docker using the
+:ref:`RUN command <cli_run>`.
+
+**Requirements:**
+
+- Docker must be installed and available in your CI/CD environment
+- Sufficient disk space for Docker images and scan results
+
+**Basic command:**
+
+.. code-block:: bash
+
+    docker run --rm \
+      -v "$(pwd)":/codedrop \
+      ghcr.io/aboutcode-org/scancode.io:latest \
+      run [PIPELINE] [INPUTS] \
+      > scancode_results.json
+
+Replace ``[PIPELINE]`` with your desired pipeline (e.g., ``scan_codebase``,
+``scan_single_package``) and ``[INPUTS]`` with the path to scan.
+
+See :ref:`available pipelines <built_in_pipelines>` for more options.
+
+**Example with specific pipeline:**
+
+.. code-block:: bash
+
+    docker run --rm \
+      -v "$(pwd)":/codedrop \
+      ghcr.io/aboutcode-org/scancode.io:latest \
+      run scan_codebase /codedrop \
+      > scancode_results.json
+
+2. Utilize an external ScanCode.io server (REST API)
 ----------------------------------------------------
 
 If you have access to an external ScanCode.io server, you can interact with it
@@ -73,18 +193,6 @@ automation methods such as a cron job or a git hook::
     By providing the required environment variables in this manner, you can execute the
     script with the appropriate configurations and credentials.
 
-2. Integrating ScanCode.io with GitHub Workflows
-------------------------------------------------
-
-Seamlessly integrate ScanCode.io into your GitHub Workflows to enable automated scans
-as an integral part of your development process.
-
-Visit the `scancode-action repository <https://github.com/aboutcode-org/scancode-action>`_
-to explore and learn more about the GitHub Action for ScanCode.io.
-The repository provides detailed information, usage instructions,
-and configuration options to help you incorporate code scanning effortlessly into your
-workflows.
-
 3. Run a Local ScanCode.io app on your machine (management commands)
 --------------------------------------------------------------------
 
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
@@ -183,22 +183,31 @@ See the :ref:`installation` chapter for the full list of installation options.
 Integrate with Your Workflows
 -----------------------------
 
-ScanCode.io can be part of your CI/CD workflow.
+ScanCode.io integrates seamlessly into CI/CD pipelines, enabling automated scans on
+commits, pull requests, releases, and scheduled events.
+
+**Supported platforms:**
+
+- **GitHub Actions** - Official action with built-in compliance checks
+- **GitLab** - Docker-based pipeline integration
+- **Jenkins** - Jenkinsfile integration with artifact archiving
+- **Azure Pipelines** - Azure DevOps pipeline support
+- **Any CI/CD system** - Direct Docker command integration
 
 GitHub Actions
 ^^^^^^^^^^^^^^
 
 Use the official `scancode-action <https://github.com/aboutcode-org/scancode-action>`_
-to integrate **ScanCode.io into your GitHub workflows** with ease.
+to integrate ScanCode.io into your GitHub workflows.
 
-This action lets you:
+**Features:**
 
-- **Run pipelines**
-- **Check for compliance issues**
-- **Detect vulnerabilities**
-- **Generate SBOMs and scan results**
+- Run pipelines automatically on repository events
+- Check for compliance issues and policy violations
+- Detect security vulnerabilities
+- Generate SBOMs in multiple formats (SPDX, CycloneDX)
 
-Example usage:
+**Example usage:**
 
 .. code-block:: yaml
 
@@ -212,8 +221,10 @@ Example usage:
           pipelines: "scan_codebase"
           output-formats: "json xlsx spdx cyclonedx"
 
-Full details available at:
-https://github.com/aboutcode-org/scancode-action
+**Learn more:** https://github.com/aboutcode-org/scancode-action
 
-.. tip::
-    Learn more about automation options in the :ref:`automation` section.
+Other CI/CD Platforms
+^^^^^^^^^^^^^^^^^^^^^
+
+For setup instructions and examples for other platforms, see the :ref:`automation`
+section.
