Now Available. Centralized view of security issues & risk within Codacy


Codacy is empowering engineering teams to bring their security auditing process to the surface.

Today we’re giving all Codacy Quality customers access to Codacy Security, our new security and risk management solution that will empower engineering teams to prioritize and fix their most critical security issues with a unified view.

With the security and risk management dashboards, you can now identify, prioritize, and fix all your security issues from one place. In addition to having visibility of all security issues found by Codacy across all your repositories, you can also include issues from third-party security products. Furthermore, we are introducing Service Level Agreements (SLAs) to assist users in completing compliance processes, such as SOC2, HIPAA, and others.

This new capability addresses two key pain points commonly faced by Engineering and Security teams. 

  1. The lack of a unified control plane for security issues, especially when dealing with multiple repositories, or different kinds of security analyses. 
  2. The need for clear and concise reports that can be utilized by compliance teams and auditors.

The security and risk management dashboard offers a new interface that automates security auditing for you. You can access an overview report of all outstanding security issues, providing visibility into the organization’s security risk along with the performance of automatically defined SLAs. You can then drill down to prioritize and fix the most severe security issues impacting the organization, across repositories and including findings from third-party tools.

Security and risk management is available to all Codacy Quality customers as of July 3, 2023. You can access it now in your organization under “Security and Risk”, where you’ll find all your Codacy security issues.

If you are using third-party security products, like Checkmarx, Veracode, or Snyk, we recommend setting up the new Jira integration to import all of your security issues. See “How to get your Checkmarx results into the Security & Risk Management dashboard?”

For now, these dashboards are only available to organization admins, so be sure to invite the security experts on your team to use the new dashboard.

The security and risk management preview is the first of many upcoming developments for Codacy Security. We’re really excited about putting security first and helping our customers move faster and safer while developing software.

To get started, visit your organization’s “Security and Risk” tab to explore the new solution, and let us know your thoughts.

