This documentation is a preview of the pull request #2074

For the latest updates and improvements in production, open docs.codacy.com instead.

Configuring code patterns

Organization admins can manage access to this feature

By default, Codacy analyzes your repositories using a subset of the supported analysis tools and code patterns. These defaults are based on current best practices and community feedback, and you can adapt them to your needs as follows:

• Configuring tools and code patterns using the Codacy UI
• Using tool configuration files

Configuring tools and code patterns using the Codacy UI

Note

If you update the configurations of a repository that follows a coding standard, Codacy copies the coding standard configurations to the repository and the repository stops following the coding standard. You can then customize the repository configurations without affecting the coding standard.

To configure the tools and code patterns for a repository using the Codacy UI:

1. Open your repository Code patterns page.

   

2. Enable or disable the tools that Codacy will use to analyze the repository.

   

3. Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the sidebar filters. You can filter by language, issue category, or status.

   To see an explanation of the issues that a pattern detects and how to fix them, click Show details. Some patterns also allow you to configure the rules for detecting issues.

   Tip

   • To enable a group of code patterns, use the filter to select the relevant group of patterns and click Enable all. For example, to enable all Security patterns, click the Security filter and then click Enable all.

   • Codacy displays the tag New for one month next to the name of newly added code patterns.

   

4. Optionally, to take the changes into account immediately, reanalyze the repository manually. Otherwise, Codacy will use the updated configuration when analyzing new commits and pull requests.

Using tool configuration files

Note

• After activating a configuration file for a tool, Codacy uses that configuration file even if you exclude it from Codacy analysis.

• When using a tool configuration file alongside a coding standard, the configuration file controls the code patterns, while the coding standard controls whether the tool is enabled or disabled.

Codacy supports configuration files for several static analysis tools to help you streamline your setup.

To use a configuration file for a static analysis tool:

1. Push the configuration file to the root of the default Codacy branch.

2. Open the repository Code patterns page, select the tool of interest, and select the option Configuration file.

   Note

   • Codacy uses the version of the configuration file in the branch being analyzed. For example, if you open a pull request that includes changes to the configuration file, the analysis results take those changes into account.

   • If Codacy analyzes a branch that doesn't include the configuration file, Codacy reverts to using the code patterns configured for the tool before you selected the option Configuration file on the Code patterns page.

   • For performance reasons, when you update pattern settings using a configuration file, Codacy may display outdated messages for issues identified previously by those patterns.

   

The table below lists the configuration file names that Codacy detects and supports for each tool:

Tool name	Languages	Files detected	Other info
Ameba	Crystal	.ameba.yml
Bandit	Python	bandit.yml, .bandit	To solve flagged valid Python "assert" statements, create a bandit.yml on the root of the repository containing: skips: \['B101'\]
Brakeman	Ruby	config/brakeman.yml
Checkstyle	Java	checkstyle.xml	Supports configuration file in directories other than root and can search up to 5 directories into the repository.
CodeNarc	Groovy	.codenarcrc
Credo	Elixir	.credo.exs, config/.credo.exs
dartanalyzer	Dart	analysis_options.yml	Customizing static analysis
detekt	Kotlin	default-detekt-config.yml, detekt.yml	Supports configuration file in directories other than root and can search up to 5 directories into the repository.
ESLint	JavaScript, TypeScript	.eslintrc.js, .eslintrc.cjs, .eslintrc.yaml, .eslintrc.yml, .eslintrc.json	Plugins configurable on the Codacy UI Other supported plugins If you're using module-level ESLint configuration files, you must also include a ESLint configuration file on the root of your repository for Codacy to detect that you're using configuration files. For example, add the following minimal .eslintrc.json configuration file: { "root": true }
Hadolint	Dockerfile	.hadolint.yaml
markdownlint	Markdown	.markdownlint.json
PHP_CodeSniffer	PHP	phpcs.xml, phpcs.xml.dist
PHP Mess Detector	PHP	codesize.xml, phpmd.xml, phpmd.xml.dist
PMD	Apex, Java, JavaScript, JSP, PL/SQL, XML, Velocity and Visualforce	ruleset.xml, apex-ruleset.xml	Supports configuration file in directories other than root and can search up to 5 directories into the repository.
Prospector	Python	.prospector.yml, .prospector.yaml, prospector.yml, prospector.yaml, .landscape.yml, .landscape.yaml, landscape.yml, landscape.yaml
Pylint	Python	pylintrc, .pylintrc	Plugins
remark-lint	Markdown	.remarkrc, .remarkrc.json, .remarkrc.yaml, .remarkrc.yml, .remarkrc.js
Revive	Go	revive.toml
RuboCop	Ruby	.rubocop.yml, .rubocop-codacy.yml	Supports alternative configuration file .rubocop-codacy.yml for Codacy analysis, allowing exclusion of private gems. This prevents analysis issues caused by private gem references, ensuring proper validation by Codacy.
Scalastyle	Scala	scalastyle-config.xml, scalastyle_config.xml
Semgrep	Apex, C++, C#, Dockerfile, Elixir, GitHub Actions, Go, Java, JavaScript, Kotlin, PHP, Python, Ruby, Rust, Scala, Shell, Swift, Terraform, TypeScript	.semgrep.yaml
SonarC#	C#	SonarLint.xml
SonarVB	Visual Basic	SonarLint.xml
Spectral	AsyncAPI, OpenAPI	.spectral.yaml, .spectral.yml, .spectral.json
SpotBugs	Java, Scala	findbugs.xml, findbugs-includes.xml, findbugs-excludes.xml, spotbugs.xml, spotbugs-includes.xml, spotbugs-excludes.xml	Supports configuration file in directories other than root and can search up to 5 directories into the repository.
Stylelint	CSS, LESS, SASS	.stylelintrc, stylelint.config.js, .stylelintrc.json, .stylelintrc.yaml, .stylelintrc.yml, .stylelintrc.js	Supports configuration file in directories other than root and can search up to 5 directories into the repository.
SwiftLint	Swift	.swiftlint.yml
TSQLLint	Transact-SQL	.tsqllintrc

Note

Codacy doesn't support configuration files for the following tools:

• aligncheck
• Checkov
• Clang-Tidy
• Codacy Scalameta Pro
• CoffeeLint
• Cppcheck
• deadcode
• Flawfinder
• Gosec
• Jackson Linter
• PSScriptAnalyzer
• ShellCheck
• SQLint
• Staticcheck
• Trivy
• Unity Roslyn Analyzers

See also

• Applying a coding standard across multiple repositories
• How to implement Google JavaScript style guide with Codacy

Share your feedback 📢

Did this page help you?

Yes No

Thanks for the feedback! Is there anything else you'd like to tell us about this page?

Send 255 characters left

We're sorry to hear that. Please let us know what we can improve:

Send 255 characters left

Alternatively, you can create a more detailed issue on our GitHub repository.

Thanks for helping improve the Codacy documentation.

Edit this page on GitHub if you notice something wrong or missing.

If you have a question or need help please contact support@codacy.com.

Last modified May 29, 2024