Jenkinsfile (declarative pipeline):
pipeline {
agent any
environment {
CODECHARTER_API_KEY = credentials('codecharter-api-key')
CODECHARTER_VERSION = '1.4.0'
}
stages {
stage('Install CodeCharter') {
steps {
sh '''
curl -sSL -H "Authorization: Bearer $CODECHARTER_API_KEY" \\
-o codecharter.tar.gz \\
https://codecharter.tools/api/v1/cli/linux-x64/$CODECHARTER_VERSION
mkdir -p codecharter-bin && tar -xzf codecharter.tar.gz -C codecharter-bin
chmod +x codecharter-bin/codecharter
'''
}
}
stage('CodeCharter analyze') {
steps {
sh './codecharter-bin/codecharter analyze . --fail-on error --output sarif --output-file codecharter.sarif'
}
post {
always {
archiveArtifacts artifacts: 'codecharter.sarif', allowEmptyArchive: true
}
}
}
}
}
Getting an API key
- Generate a key in the portal under API Keys.
- In Jenkins:
Manage Jenkins → Credentials → Add credentials, "Secret text" with IDcodecharter-api-key. - Reference it in the pipeline with
credentials('codecharter-api-key')as shown above.
Warnings Next Generation Plugin
If you have the Warnings NG Plugin installed, you can display SARIF results directly:
post {
always {
recordIssues(
tools: [sarif(pattern: 'codecharter.sarif', name: 'CodeCharter')]
)
}
}
This puts findings in the build overview, trend chart, and PR pages (if you have a Bitbucket or GitHub plugin installed).
Caching
With the Job Cacher Plugin:
options {
cache(maxCacheSize: 200, caches: [
[
$class: 'ArbitraryFileCache',
path: '~/.cache/codecharter'
]
])
}
Self-hosted agents
Standard for Jenkins. The agent needs one-time network access to
codecharter.tools, or you can place the binary directly on the agent.
Multi-branch pipelines
Works without any changes. Each branch builds its findings against its own state of
the .codecharter/ configuration.