Client-side tools enable you to run analysis either locally or as part of your CI pipeline, and then integrating the results into Codacy. This way, Codacy presents the analysis information reported by your local tools together with all other code quality information on the Codacy dashboards.
Codacy supports client-side tools in two ways:
Containerized tools: Codacy provides a Docker image for the tools, and you run the images using the Codacy Analysis CLI.
The Codacy Analysis CLI automatically fetches the code pattern settings that you define on the Codacy UI and applies them when running these tools.
Standalone tools: Codacy provides auxiliary converters that parse the output of third-party tools and convert to a format that you then upload to Codacy. You must download, configure, and run the third-party tools yourself.
You can't configure these tools on the Codacy UI, since you manage their configuration locally.
The table below describes the supported client-side tools and includes links to specific instructions on how to run each tool.
If you're using GitHub we recommend that you use the Codacy Analysis CLI GitHub Action to run the containerized client-side tools and upload the results to Codacy.
|Language||Client-side tool||Description||Usage instructions|
|C, C++||Clang-Tidy||Clang-tidy is a clang-based C++ “linter” tool. Its purpose is to provide an extensible framework for diagnosing and fixing typical programming errors, like style violations, interface misuse, or bugs that can be deduced via static analysis. Clang-tidy is modular and provides a convenient interface for writing new checks.||Running Clang-Tidy (standalone)|
|Go||aligncheck||aligncheck is a utility for finding unused struct fields in Go source files.||Running aligncheck (containerized)|
|deadcode||deadcode is a very simple utility which detects unused declarations in Go packages.||Running deadcode (containerized)|
|Gosec||Gosec inspects source code for security problems by scanning the Go AST.||Running Gosec (standalone)|
|Staticcheck||Staticcheck is a state of the art linter for the Go programming language. Using static analysis, it finds bugs and performance issues, offers simplifications, and enforces style rules.||Running Staticcheck (standalone)|
|Java, Scala||SpotBugs||SpotBugs is a program which uses static analysis to look for bugs in Java code. Together with the Find Security Bugs plugin it provides security audits. It has support for Maven, sbt, and Gradle in Java projects.||Running SpotBugs (containerized)|
|Objective-C||Clang-Tidy||Clang-tidy is a clang-based C++ "linter" tool. Its purpose is to provide an extensible framework for diagnosing and fixing typical programming errors, like style violations, interface misuse, or bugs that can be deduced via static analysis. Clang-tidy is modular and provides a convenient interface for writing new checks.||Running Clang-Tidy (standalone)|
|Faux Pas||Faux Pas inspects your iOS or Mac app's Xcode project and warns about possible bugs, as well as about maintainability and style issues.||Running Faux Pas (standalone)|
Share your feedback 📢
Did this page help you?
Thanks for the feedback! Is there anything else you'd like to tell us about this page?
255 characters left
We're sorry to hear that. Please let us know what we can improve:
255 characters left
Alternatively, you can create a more detailed issue on our GitHub repository.
Thanks for helping improve the Codacy documentation.
Edit this page on GitHub if you notice something wrong or missing.
If you have a question or need help please contact email@example.com.