Appearance
Getting Started
GitHub Repository
https://github.com/QualiBooth/code-analysis
Prerequisites
Before configuring Code Analysis, you must:
- Have access to a QualiBooth organization
- Have access to the repository you want to scan
- Have permission to configure CI/CD secrets or environment variables
Setup
Install QualiBoothAction
Add accessibility scanning to your CI pipeline in minutes.
The QualiBooth Code Analysis Docker image scans your codebase for accessibility issues using ESLint and reports results to your QualiBooth dashboard. Works with GitHub Actions, GitLab CI, Jenkins, and any CI that supports Docker.
Navigate to Code Analysis → Setup for a pre-filled configuration containing the correct QUALIBOOTH_ORG_UUID value for your organization.
GitHub Actions
Required Secrets
Add this secret to your GitHub repository under Settings → Secrets and variables → Actions:
| Variable | Value |
|---|---|
QUALIBOOTH_ORG_UUID | Your organization UUID from the Setup page |
Configuration
Create the following file in your repository:
.github/workflows/qualibooth.ymlyaml
name: QualiBooth Code Analysis
on:
push:
branches: ["main", "develop"]
pull_request:
branches: ["main"]
jobs:
accessibility-scan:
name: Accessibility Code Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run QualiBooth Code Analysis
uses: docker://ghcr.io/qualibooth/qualibooth-action:latest
env:
QUALIBOOTH_ORG_UUID: ${{ secrets.QUALIBOOTH_ORG_UUID }}
QUALIBOOTH_REPO: ${{ github.repository }}
QUALIBOOTH_SHA: ${{ github.sha }}
QUALIBOOTH_BRANCH: ${{ github.ref_name }}GitLab CI
Required Variables
Add this variable to your GitLab project under Settings → CI/CD → Variables:
| Variable | Value |
|---|---|
QUALIBOOTH_ORG_UUID | Your organization UUID from the Setup page |
Configuration
Add this job to your .gitlab-ci.yml file:
yaml
stages:
- qualibooth-scan
qualibooth-scan:
stage: qualibooth-scan
image: ghcr.io/qualibooth/qualibooth-action:latest
variables:
QUALIBOOTH_ORG_UUID: $QUALIBOOTH_ORG_UUID
QUALIBOOTH_REPO: "$CI_PROJECT_PATH"
QUALIBOOTH_SHA: "$CI_COMMIT_SHA"
QUALIBOOTH_BRANCH: "$CI_COMMIT_BRANCH"
script:
- /entrypoint.sh
rules:
- if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "develop"'
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'Jenkins
Required Credentials
Configure this credential in Jenkins under Manage Jenkins → Credentials, or set it as an environment variable in your pipeline:
| Variable | Value |
|---|---|
QUALIBOOTH_ORG_UUID | Your organization UUID from the Setup page |
Configuration
Add this stage to your Jenkinsfile:
groovy
pipeline {
agent any
stages {
stage('QualiBooth Accessibility Scan') {
steps {
script {
def repoName = env.GIT_URL
.replaceAll(/.*\/([^\/]+\/[^\/]+?)(\.git)?$/, '$1')
def branchName = env.GIT_BRANCH
?.replace('origin/', '') ?: 'main'
sh """
docker run --rm \
--volumes-from jenkins \
-e GITHUB_WORKSPACE="${WORKSPACE}" \
-e QUALIBOOTH_ORG_UUID="${env.QUALIBOOTH_ORG_UUID}" \
-e QUALIBOOTH_REPO="${repoName}" \
-e QUALIBOOTH_SHA="${env.GIT_COMMIT}" \
-e QUALIBOOTH_BRANCH="${branchName}" \
ghcr.io/qualibooth/qualibooth-action:latest
"""
}
}
}
}
}Docker
Required Environment Variables
Set this environment variable when running the Docker image:
| Variable | Value |
|---|---|
QUALIBOOTH_ORG_UUID | Your organization UUID from the Setup page |
Configuration
Run the Docker image with these arguments:
sh
docker run --rm \
-v "$(pwd):/workspace" \
-e QUALIBOOTH_ORG_UUID="your-org-uuid" \
-e QUALIBOOTH_REPO="owner/repo" \
-e QUALIBOOTH_SHA="$(git rev-parse HEAD)" \
-e QUALIBOOTH_BRANCH="$(git branch --show-current)" \
ghcr.io/qualibooth/qualibooth-action:latestEnvironment Variables
All configuration is passed via environment variables prefixed with QUALIBOOTH_.
| Variable | Required | Default | Description |
|---|---|---|---|
QUALIBOOTH_ORG_UUID | yes | — | Your organization UUID |
QUALIBOOTH_REPO | yes | — | Repository in owner/repo format |
QUALIBOOTH_SHA | yes | — | Git commit SHA from the current context |
QUALIBOOTH_BRANCH | no | main | Branch name for context |
QUALIBOOTH_PROJECT_TYPE | no | react | Framework type: react, vue, or html |
QUALIBOOTH_SCAN_PATHS | no | . | Comma-separated directories to scan |
QUALIBOOTH_FAIL_ON_ISSUES | no | false | Exit with code 1 when issues are found |
QUALIBOOTH_OUTPUT | no | /tmp/qualibooth-output.txt | File path for scan output |
QUALIBOOTH_API_URL | no | https://api.qualibooth.com | Override API URL for staging or self-hosted deployments |
Project Types
Set QUALIBOOTH_PROJECT_TYPE to match your framework:
| Type | Plugin | Scanned Files |
|---|---|---|
react | eslint-plugin-jsx-a11y (recommended ruleset) | .js, .jsx, .ts, .tsx |
vue | eslint-plugin-vuejs-accessibility (recommended ruleset) | .vue, .js |
html | eslint-plugin-html + jsx-a11y rules | .html, .htm, .js |
Advanced Usage
Custom Scan Paths
Set QUALIBOOTH_SCAN_PATHS to a comma-separated list of directories to restrict scanning to specific parts of your repository.
Fail Build on Issues
Set QUALIBOOTH_FAIL_ON_ISSUES=true to exit with code 1 when accessibility issues are found, blocking CI pipelines on regressions.
Output File
After the scan completes, ISSUES_FOUND is written to the file specified by QUALIBOOTH_OUTPUT. Use this in subsequent CI steps to conditionally handle scan results.
Staging or Self-Hosted API
Override QUALIBOOTH_API_URL to point to a staging or self-hosted QualiBooth deployment.
What Gets Reported
For every issue discovered, QualiBooth records:
File and Line Number
The exact location where the issue was found.
Example:
src/components/Header.vue:42Accessibility Rule
The accessibility rule that was violated.
Examples:
jsx-a11y/alt-text
jsx-a11y/label-has-associated-control
jsx-a11y/aria-roleSeverity
Issues are categorized by severity:
- Error
- Warning
Branch and Commit Information
Every result is associated with:
- Repository
- Branch
- Commit hash
This allows teams to understand exactly when an issue was introduced.
Example Accessibility Issues
Code Analysis can identify issues such as:
- Missing alternative text on images
- Labels not associated with form controls
- Invalid ARIA roles
- Invalid ARIA attributes
- Keyboard accessibility issues
- Improper focus handling
- Invalid links
- Accessibility issues in interactive elements
These checks are performed automatically during CI/CD execution using accessibility-focused ESLint rules.