Scanning code along with Docker build, Automated test reports

bishal · November 4, 2025, 11:47am

Template for a good new topic, formatted with Markdown:

ALM used Bitbucket Cloud
CI system used Bitbucket Cloud
Languages of the repository JS/TS, Python

Issue

The scanning phase is done after the build phase in the official docs, but we directly build Docker images in the Build process of CI.

Can we perform SAST scanning along with the Docker build process, or do we need to perform two separate build steps?

Currently, we don’t make use of any automated tests in our pipeline, so can you please recommend automated tests for JS/TS and Python stacks? Which tools can we make use of in our CI/CD process?

ganncamp · November 5, 2025, 5:00pm

Hi,

For JS/TS, Python, you should be able to run the steps in any order. (This is not the case for Java, C#, C, C++ and Objective-C.)

Once you add tests, of course, you’ll want to produce the test report before analysis so you can feed it in.

HTH,
Ann

Topic		Replies	Views
Scan in two steps - possible? Static code analysis vs. tests & coverage SonarQube Server / Community Build sonarqube , scanner , coverage , tests	1	986	January 21, 2019
Sonarcloud scanning for a nextjs react app SonarQube Cloud	2	4248	March 19, 2019
Code Coverage via PostMan API Test Suite SonarQube Cloud	2	1480	June 21, 2019
Code coverage in sonar-scanner-cli Suggest new features	2	961	June 15, 2020
Run autoscan after a github action so test coverage is reported SonarQube Cloud autoscan	2	522	April 23, 2021

Scanning code along with Docker build, Automated test reports

Related topics