Skip to content

Getting Started

GitHub Repository

https://github.com/QualiBooth/code-analysis

Prerequisites

Before configuring Code Analysis, you must:

  • Have access to a QualiBooth organization
  • Have access to the repository you want to scan
  • Have permission to configure CI/CD secrets or environment variables

Setup

Install QualiBoothAction

Add accessibility scanning to your CI pipeline in minutes.

The QualiBooth Code Analysis Docker image scans your codebase for accessibility issues using ESLint and reports results to your QualiBooth dashboard. Works with GitHub Actions, GitLab CI, Jenkins, and any CI that supports Docker.

Navigate to Code Analysis → Setup for a pre-filled configuration containing the correct QUALIBOOTH_ORG_UUID value for your organization.


GitHub Actions

Required Secrets

Add this secret to your GitHub repository under Settings → Secrets and variables → Actions:

VariableValue
QUALIBOOTH_ORG_UUIDYour organization UUID from the Setup page

Configuration

Create the following file in your repository:

.github/workflows/qualibooth.yml
yaml
name: QualiBooth Code Analysis
on:
  push:
    branches: ["main", "develop"]
  pull_request:
    branches: ["main"]
jobs:
  accessibility-scan:
    name: Accessibility Code Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Run QualiBooth Code Analysis
        uses: docker://ghcr.io/qualibooth/qualibooth-action:latest
        env:
          QUALIBOOTH_ORG_UUID: ${{ secrets.QUALIBOOTH_ORG_UUID }}
          QUALIBOOTH_REPO: ${{ github.repository }}
          QUALIBOOTH_SHA: ${{ github.sha }}
          QUALIBOOTH_BRANCH: ${{ github.ref_name }}

GitLab CI

Required Variables

Add this variable to your GitLab project under Settings → CI/CD → Variables:

VariableValue
QUALIBOOTH_ORG_UUIDYour organization UUID from the Setup page

Configuration

Add this job to your .gitlab-ci.yml file:

yaml
stages:
  - qualibooth-scan

qualibooth-scan:
  stage: qualibooth-scan
  image: ghcr.io/qualibooth/qualibooth-action:latest
  variables:
    QUALIBOOTH_ORG_UUID: $QUALIBOOTH_ORG_UUID
    QUALIBOOTH_REPO: "$CI_PROJECT_PATH"
    QUALIBOOTH_SHA: "$CI_COMMIT_SHA"
    QUALIBOOTH_BRANCH: "$CI_COMMIT_BRANCH"
  script:
    - /entrypoint.sh
  rules:
    - if: '$CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "develop"'
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

Jenkins

Required Credentials

Configure this credential in Jenkins under Manage Jenkins → Credentials, or set it as an environment variable in your pipeline:

VariableValue
QUALIBOOTH_ORG_UUIDYour organization UUID from the Setup page

Configuration

Add this stage to your Jenkinsfile:

groovy
pipeline {
    agent any
    stages {
        stage('QualiBooth Accessibility Scan') {
            steps {
                script {
                    def repoName = env.GIT_URL
                        .replaceAll(/.*\/([^\/]+\/[^\/]+?)(\.git)?$/, '$1')
                    def branchName = env.GIT_BRANCH
                        ?.replace('origin/', '') ?: 'main'
                    sh """
                      docker run --rm \
                        --volumes-from jenkins \
                        -e GITHUB_WORKSPACE="${WORKSPACE}" \
                        -e QUALIBOOTH_ORG_UUID="${env.QUALIBOOTH_ORG_UUID}" \
                        -e QUALIBOOTH_REPO="${repoName}" \
                        -e QUALIBOOTH_SHA="${env.GIT_COMMIT}" \
                        -e QUALIBOOTH_BRANCH="${branchName}" \
                        ghcr.io/qualibooth/qualibooth-action:latest
                    """
                }
            }
        }
    }
}

Docker

Required Environment Variables

Set this environment variable when running the Docker image:

VariableValue
QUALIBOOTH_ORG_UUIDYour organization UUID from the Setup page

Configuration

Run the Docker image with these arguments:

sh
docker run --rm \
  -v "$(pwd):/workspace" \
  -e QUALIBOOTH_ORG_UUID="your-org-uuid" \
  -e QUALIBOOTH_REPO="owner/repo" \
  -e QUALIBOOTH_SHA="$(git rev-parse HEAD)" \
  -e QUALIBOOTH_BRANCH="$(git branch --show-current)" \
  ghcr.io/qualibooth/qualibooth-action:latest

Environment Variables

All configuration is passed via environment variables prefixed with QUALIBOOTH_.

VariableRequiredDefaultDescription
QUALIBOOTH_ORG_UUIDyesYour organization UUID
QUALIBOOTH_REPOyesRepository in owner/repo format
QUALIBOOTH_SHAyesGit commit SHA from the current context
QUALIBOOTH_BRANCHnomainBranch name for context
QUALIBOOTH_PROJECT_TYPEnoreactFramework type: react, vue, or html
QUALIBOOTH_SCAN_PATHSno.Comma-separated directories to scan
QUALIBOOTH_FAIL_ON_ISSUESnofalseExit with code 1 when issues are found
QUALIBOOTH_OUTPUTno/tmp/qualibooth-output.txtFile path for scan output
QUALIBOOTH_API_URLnohttps://api.qualibooth.comOverride API URL for staging or self-hosted deployments

Project Types

Set QUALIBOOTH_PROJECT_TYPE to match your framework:

TypePluginScanned Files
reacteslint-plugin-jsx-a11y (recommended ruleset).js, .jsx, .ts, .tsx
vueeslint-plugin-vuejs-accessibility (recommended ruleset).vue, .js
htmleslint-plugin-html + jsx-a11y rules.html, .htm, .js

Advanced Usage

Custom Scan Paths

Set QUALIBOOTH_SCAN_PATHS to a comma-separated list of directories to restrict scanning to specific parts of your repository.

Fail Build on Issues

Set QUALIBOOTH_FAIL_ON_ISSUES=true to exit with code 1 when accessibility issues are found, blocking CI pipelines on regressions.

Output File

After the scan completes, ISSUES_FOUND is written to the file specified by QUALIBOOTH_OUTPUT. Use this in subsequent CI steps to conditionally handle scan results.

Staging or Self-Hosted API

Override QUALIBOOTH_API_URL to point to a staging or self-hosted QualiBooth deployment.


What Gets Reported

For every issue discovered, QualiBooth records:

File and Line Number

The exact location where the issue was found.

Example:

src/components/Header.vue:42

Accessibility Rule

The accessibility rule that was violated.

Examples:

jsx-a11y/alt-text
jsx-a11y/label-has-associated-control
jsx-a11y/aria-role

Severity

Issues are categorized by severity:

  • Error
  • Warning

Branch and Commit Information

Every result is associated with:

  • Repository
  • Branch
  • Commit hash

This allows teams to understand exactly when an issue was introduced.

Example Accessibility Issues

Code Analysis can identify issues such as:

  • Missing alternative text on images
  • Labels not associated with form controls
  • Invalid ARIA roles
  • Invalid ARIA attributes
  • Keyboard accessibility issues
  • Improper focus handling
  • Invalid links
  • Accessibility issues in interactive elements

These checks are performed automatically during CI/CD execution using accessibility-focused ESLint rules.