Configuring code patterns
Organization admins can manage access to this feature
By default, Codacy analyzes your repositories using a subset of the supported analysis tools and code patterns. These defaults are based on current best practices and community feedback, and you can adapt them to your needs as follows:
- Configuring tools and code patterns using the Codacy UI
- Discover code patterns across all tools
- Customizing applied coding standards
- Customizing patterns when following coding standards
- Using tool configuration files
Configuring tools and code patterns using the Codacy UI
To configure the tools and code patterns for a repository using the Codacy UI:
-
Open your repository Code patterns page.
-
Enable or disable the tools that Codacy will use to analyze the repository.
-
Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by issue category, status, severity level, or display only recommended code patterns.
To see an explanation of the issues that a pattern detects and how to fix them, click the respective dropdown arrow.
tip-
To enable a group of code patterns, use the filter to select the relevant group of patterns and click the checkbox in the header of the patterns list.
-
Codacy displays the tag New for one month next to the name of newly added code patterns.
-
-
Optionally, to take the changes into account immediately, reanalyze the repository manually. Otherwise, Codacy will use the updated configuration when analyzing new commits and pull requests.
Discover code patterns across all tools
To discover code patterns across all tools, click Discover patterns at the top of the Tools list.
Use the input field to search for patterns by name or description. You can also filter by severity level, issue category, recommended or disabled patterns.
You can also expand your search to include patterns from all tools, even if the tool is not enabled for the repository.
Customizing applied coding standards
To apply or edit a repository's coding standards, click Customize in the Following ... section at the top of the Code patterns page.
Select the coding standards that you want to follow or stop following and click Apply.
Customizing patterns when following coding standards
Tools and patterns enabled by a coding standard are enforced and cannot be disabled. You can add extra tools and patterns, if these are not enabled by any applied coding standard.
Using tool configuration files
-
After activating a configuration file for a tool, Codacy uses that configuration file even if you exclude it from Codacy analysis.
-
When using a tool configuration file alongside a coding standard, the configuration file controls the code patterns, while the coding standard controls whether the tool is enabled or disabled.
Codacy supports configuration files for several static analysis tools to help you streamline your setup.
To use a configuration file for a static analysis tool:
-
Push the configuration file to the root of the default Codacy branch.
-
Open the repository Code patterns page, select the tool of interest, and activate the toggle to use a configuration file.
note-
Codacy uses the version of the configuration file in the branch being analyzed. For example, if you open a pull request that includes changes to the configuration file, the analysis results take those changes into account.
-
If Codacy analyzes a branch that doesn't include the configuration file, Codacy reverts to using the code patterns configured for the tool before you selected the option Configuration file on the Code patterns page.
-
For performance reasons, when you update pattern settings using a configuration file, Codacy may display outdated messages for issues identified previously by those patterns.
-
The table below lists the configuration file names that Codacy detects and supports for each tool:
| Tool name | Languages | Files detected | Other info |
|---|---|---|---|
| Ameba | Crystal | .ameba.yml | |
| Bandit | Python | bandit.yml, bandit.yaml, .bandit, bandit.toml, bandit.ini | To solve flagged valid Python "assert" statements, create a bandit.yml on the root of the repository containing: skips: ['B101'] |
| Brakeman | Ruby | config/brakeman.yml | |
| Checkstyle | Java | checkstyle.xml | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
| CodeNarc | Groovy | .codenarcrc | |
| Credo | Elixir | .credo.exs, config/.credo.exs | |
| dartanalyzer | Dart | analysis_options.yml | Customizing static analysis |
| detekt | Kotlin | default-detekt-config.yml, detekt.yml | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
| ESLint v8 | JavaScript, TypeScript | .eslintrc.js, .eslintrc.cjs, .eslintrc.yaml, .eslintrc.yml, .eslintrc.json | |
| ESLint v9 | JavaScript, TypeScript | eslint.config.js, eslint.config.mjs, eslint.config.cjs | |
| Hadolint | Dockerfile | .hadolint.yaml | |
| markdownlint | Markdown | .markdownlint.yml, .markdownlint.yaml, .markdownlint.jsonc, .markdownlint.json | |
| PHP_CodeSniffer | PHP | phpcs.xml, phpcs.xml.dist | |
| PHP Mess Detector | PHP | codesize.xml, phpmd.xml, phpmd.xml.dist | |
| PMD | Apex, Java, JavaScript, JSP, PL/SQL, XML, Velocity and Visualforce | ruleset.xml, apex-ruleset.xml | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
| Prospector | Python | .prospector.yml, .prospector.yaml, prospector.yml, prospector.yaml, .landscape.yml, .landscape.yaml, landscape.yml, landscape.yaml | |
| Pylint | Python | pylintrc, .pylintrc | Plugins |
| remark-lint | Markdown | .remarkrc, .remarkrc.json, .remarkrc.yaml, .remarkrc.yml, .remarkrc.js | |
| Revive | Go | revive.toml | |
| RuboCop | Ruby | .rubocop.yml, .rubocop-codacy.yml | Supports alternative configuration file .rubocop-codacy.yml for Codacy analysis, allowing exclusion of private gems. This prevents analysis issues caused by private gem references, ensuring proper validation by Codacy. |
| Ruff | Python | pyproject.toml, ruff.toml, .ruff.toml | |
| Scalastyle | Scala | scalastyle-config.xml, scalastyle_config.xml | |
| Semgrep | Apex, C++, C#, Dockerfile, Elixir, GitHub Actions, Go, Java, JavaScript, Kotlin, PHP, Python, Ruby, Rust, Scala, Shell, Swift, Terraform, TypeScript | .semgrep.yaml | |
| SonarC# | C# | SonarLint.xml | |
| SonarVB | Visual Basic | SonarLint.xml | |
| Spectral | AsyncAPI, OpenAPI | .spectral.yaml, .spectral.yml, .spectral.json | |
| SpotBugs | Java, Scala | findbugs.xml, findbugs-includes.xml, findbugs-excludes.xml, spotbugs.xml, spotbugs-includes.xml, spotbugs-excludes.xml | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
| SQLFluff | SQL | setup.cfg, tox.ini, pep8.ini, .sqlfluff, pyproject.toml | Supports configuration file in directories other than root |
| Stylelint | CSS, LESS, SASS | .stylelintrc, stylelint.config.js, .stylelintrc.json, .stylelintrc.yaml, .stylelintrc.yml, .stylelintrc.js | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
| SwiftLint | Swift | .swiftlint.yml | |
| TSQLLint | Transact-SQL | .tsqllintrc |
Codacy doesn't support configuration files for the following tools:
- Aligncheck
- Checkov
- Clang-Tidy
- Codacy Scalameta Pro
- CoffeeLint
- Cppcheck
- deadcode
- Flawfinder
- Gosec
- Jackson Linter
- Lizard
- PSScriptAnalyzer
- ShellCheck
- SQLint
- Staticcheck
- Trivy
- Unity Roslyn Analyzers