How to customize the analysis rules for Codacy Guardrails
By default, if no API token is provided in the MCP Server setup, Codacy uses a predefined configuration that includes all recommended rules (called code patterns in many parts of our product) from the supported built-in scanners.
However, when an API token is used, Codacy automatically retrieves the current rule configuration directly from your repository.
You can configure your rules in one of two ways:
- Using built-in scanner configuration files, for version-controlled setups.
- Using the Codacy UI, for quick, manual adjustments.
Note
If you're already using a configuration file, we recommend the first way. Otherwise, the second way is the best for you, because you can configure the rules directly in the Codacy platform.
Using configuration files
The table below lists the configuration file names that Codacy detects and supports for each built-in scanner:
Scanner name | Languages | Files detected | Other info |
---|---|---|---|
dartanalyzer | Dart | analysis_options.yaml | Customizing static analysis |
ESLint v8 | JavaScript, TypeScript | .eslintrc.js, .eslintrc.cjs, .eslintrc.yaml, .eslintrc.yml, .eslintrc.json | |
PMD | Apex, Java, JavaScript, JSP, PL/SQL, XML, Velocity and Visualforce | ruleset.xml, apex-ruleset.xml | Supports configuration file in directories other than root and can search up to 5 directories into the repository. |
Pylint | Python | pylintrc, .pylintrc | Plugins |
Semgrep | Apex, C++, C#, Dockerfile, Elixir, GitHub Actions, Go, Java, JavaScript, Kotlin, PHP, Python, Ruby, Rust, Scala, Shell, Swift, Terraform, TypeScript | .semgrep.yaml | |
To use a configuration file for a static analysis tool:
- Make sure the configuration file is located in the root of the default Codacy branch.
- Open the repository Code patterns page, select the tool of interest, and activate the toggle to use a configuration file.
Note
- After activating a configuration file for a tool, Codacy uses that configuration file even if you exclude it from Codacy analysis.
- When using a tool configuration file alongside a coding standard, the configuration file controls the code patterns, while the coding standard controls whether the tool is enabled or disabled.
- Codacy uses the version of the configuration file in the branch being analyzed. For example, if you open a pull request that includes changes to the configuration file, the analysis results take those changes into account.
- If Codacy analyzes a branch that doesn't include the configuration file, Codacy reverts to using the code patterns configured for the tool before you selected the option Configuration file on the Code patterns page.
- For performance reasons, when you update pattern settings using a configuration file, Codacy may display outdated messages for issues identified previously by those patterns.
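A pre-flight check for the placement rule above, as an added example (not Codacy's own code): it walks a checkout and reports which scanner configuration files sit where the table says they are detected, and which would be ignored so that analysis falls back to other rules. The function names, the sample layout and the reading of PMD's "up to 5 directories" as five levels below the root are assumptions.

```python
import os
import tempfile

# File names taken from the table on this page (scanner -> detected names).
DETECTED = {
    "dartanalyzer": {"analysis_options.yaml"},
    "ESLint v8": {".eslintrc.js", ".eslintrc.cjs", ".eslintrc.yaml",
                  ".eslintrc.yml", ".eslintrc.json"},
    "PMD": {"ruleset.xml", "apex-ruleset.xml"},
    "Pylint": {"pylintrc", ".pylintrc"},
    "Semgrep": {".semgrep.yaml"},
}
# Assumption: "up to 5 directories into the repository" means at most
# 5 directory levels below the root; every other scanner is root-only.
MAX_DEPTH = {"PMD": 5}


def find_scanner_configs(repo_root):
    """Return (detected, ignored) lists of (scanner, relative_path)."""
    detected, ignored = [], []
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = sorted(d for d in dirnames if d != ".git")
        rel_dir = os.path.relpath(dirpath, repo_root)
        depth = 0 if rel_dir == "." else rel_dir.count(os.sep) + 1
        for name in sorted(filenames):
            for scanner, names in DETECTED.items():
                if name in names:
                    rel = os.path.normpath(os.path.join(rel_dir, name))
                    ok = depth <= MAX_DEPTH.get(scanner, 0)
                    (detected if ok else ignored).append((scanner, rel))
    return detected, ignored


def build_sample_repo(root):
    """Constructed sample layout, used only to demonstrate the check."""
    for rel in (".semgrep.yaml", "config/.pylintrc", "build/pmd/ruleset.xml"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        found, skipped = find_scanner_configs(tmp)
        for scanner, rel in found:
            print(f"OK      {scanner}: {rel}")
        for scanner, rel in skipped:
            print(f"IGNORED {scanner}: {rel} (not in the repository root)")
```

Run it against the branch being analyzed, since Codacy reads the configuration file from that branch.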
Using the Codacy UI
If you want to use the Codacy UI, there are two ways to configure the built-in scanner rules:
- Using the Code Patterns configuration, if you want to configure the rules per repository, or
- Using Coding Standards, if you want to configure the rules for multiple repositories.
Code Patterns
By default, Codacy analyzes your repositories using a subset of the supported analysis scanners and rules. These defaults are based on current best practices and community feedback, and you can adapt them to your needs. This feature is available in every repository you have on Codacy.
To set up your rules, follow these steps:
- Open your repository Code patterns page.
- Enable or disable the tools that Codacy will use to analyze the repository.
- Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by issue category, status, severity level, or display only recommended code patterns.
  To see an explanation of the issues that a pattern detects and how to fix them, click the respective dropdown arrow.
Tip
- To enable a group of code patterns, use the filter to select the relevant group of patterns and click the checkbox in the header of the patterns list.
- Codacy displays the tag New for one month next to the name of newly added code patterns.
Coding Standards
Coding standards enable the analysis of multiple repositories with the same scanner and rules configurations, ensuring consistent code quality across your organization. Multiple coding standards can be applied to the same repository. For example, you can use coding standards to ensure that a group of repositories follow the same security rules or coding conventions.
To apply or edit a repository's coding standards, click Customize in the Following ... section at the top of the Code patterns page.
Select the coding standards that you want to follow or stop following and click Apply.
Note
- Scanners and rules enabled by a coding standard are enforced and can't be disabled.
- You can add extra scanners and rules, if these aren't enabled by any applied coding standard.