Skip to content

Cloud November 2025#

These release notes are for the Codacy Cloud updates during November 2025.

📢 Visit the Codacy roadmap and let us know your feedback on both new and planned product updates!

Product enhancements and Bug fixes#

New Features

  • Malicious Package Detection: Codacy now detects malicious packages as they are introduced via PR, or nightly via SCA (for clients with SCA enabled). Malicious packages are identified by OSSF and updated daily in Codacy's platform. This feature is automatically enabled for:
    • All existing coding standards/projects that have 'Vulnerable Dependencies (critical)' detection enabled.
    • All new coding standards and projects. See Codacy's documentation to know which package ecosystems are supported. (TAROT-3600)
  • False Positive PR Comments: False Positive detection now leaves a comment directly on your Pull Request, allowing you to review and handle potentially incorrect flags immediately. (CF-1975)

Improvements

  • Ignoring security issues in the "Quality" dashboard now automatically ignores the corresponding finding in the "Security and Risks Management" dashboard. (CF-2045)

Bug Fixes

  • Fixed an issue regarding error notifications (toasts) that caused them to close unexpectedly when clicking the "Show details" button. (LK-1773)

Tool versions#

  • Aligncheck: 1.0.0
  • Ameba: 1.6.4
  • Bandit: 1.8.3
  • Brakeman: 4.3.1
  • Bundler-audit: 0.9.1
  • Checkov: 3.2.457
  • Checkstyle: 10.26.1
  • Clang-tidy: 10.0.1
  • Codenarc: 3.6.0
  • Codesniffer: 3.10.1
  • Coffeelint: 5.2.11
  • Cppcheck: 2.18.0
  • Credo: 1.7.12
  • Csslint: 1.0.5
  • Dartanalyzer: 3.9.3
  • Deadcode: 1.0.0
  • Detekt: 1.23.8
  • Eslint v7: 7.32.0
  • Eslint v8: 8.57.0
  • Eslint v9: 9.38.0
  • Faux-pas: 1.7.2
  • Flawfinder: 2.0.19
  • Gorevive: 1.12.0
  • Gosec: 2.22.7
  • Hadolint: 2.12.0
  • Jackson-linter: 2.19.2
  • Jshint: 2.13.6
  • Lizard: 1.17.31
  • Markdownlint: 0.33.0
  • Phpmd: 2.14.1
  • Pmd: 6.55.0
  • Pmd7: 7.16.0
  • Prospector: 1.17.2
  • Psscriptanalyzer: 1.24.0
  • Pylint v1: 1.9.5
  • Pylint v3: 3.3.9
  • Reek: 6.5.0
  • Remark-lint: 10.0.1
  • Roslyn: 1.23.0
  • Rubocop: 1.80.2
  • Ruff: 0.12.7
  • Scalameta-pro: 1.4.4
  • Scalastyle: 1.5.1
  • Semgrep: 1.78.0
  • Shellcheck: 0.10.0
  • Sonar-csharp: 9.32
  • Sonar-visual-basic: 8.13
  • Spectral: 1.22.0
  • Spotbugs: 4.8.4
  • Sqlfluff: 3.4.2
  • Sqlint: 0.2.1
  • Staticcheck: 2025.1.1
  • Stylelint: 16.23.0
  • Swiftlint: 0.61.0
  • Tailor: 0.12.0
  • Trivy: 0.67.2
  • Tslint: 6.1.3
  • Tsqllint: 1.16.0

Share your feedback 📢

Did this page help you?

Thanks for the feedback! Is there anything else you'd like to tell us about this page?

We're sorry to hear that. Please let us know what we can improve:

Alternatively, you can create a more detailed issue on our GitHub repository.

Thanks for helping improve the Codacy documentation.

Edit this page on GitHub if you notice something wrong or missing.

If you have a question or need help please contact support@codacy.com.

Last modified December 11, 2025