Home Code Quality Static Code Analysis: client-side tools integration with Codacy

Static Code Analysis: client-side tools integration with Codacy

Author

Date

Category

Testing and analyzing your code is one of the most important parts of your software development process. With Codacy, you can automate code reviews, with your code being automatically evaluated in every commit and pull request. Codacy uses static code analysis to do that, which means that we analyze your code without executing it in a non-runtime environment. Static code analysis makes early development faster and more efficient since errors can be caught before they end up causing significant damage — to your software and your heart, because finding a major error in production is not for the faint-hearted.

Codacy uses several tools to perform automatic static code analysis over 40+ supported languages and frameworks. However, some tools require code compilation, so Codacy does not directly integrate them. But don’t worry, you can still use those tools! You just need to configure them as client-side tools. We are here to help you shift left and analyze your code earlier in the development lifecycle.

How does Codacy support client-side tools?

At the moment, Codacy supports client-side tools in two different ways, depending on if they are considered standalone or containerized. Let’s analyze each of the options.

Standalone tools

You need to download, configure, and run standalone tools yourself. You can’t configure these tools on the Codacy UI because they must be configured manually. However, we are not leaving you alone: Codacy provides auxiliary converters that parse the output provided by the standalone tools’ output and convert it to a format that you can later upload to Codacy using our API. 

Containerized tools

For containerized tools, Codacy provides a Docker image (an executable package) for the tools, and you can then run the image using the Codacy Analysis CLI. Check out how to set it up in our documentation. When Codacy Analysis CLI is up and running, it will automatically fetch the code pattern settings that you previously defined in the Codacy UI and apply them when running these tools.

If you are using GitHub, you can use the Codacy Analysis CLI GitHub Action to run any containerized tool and upload the results to Codacy. Codacy will then display the results of the analysis of your commits and pull requests on the UI. 

7 client-side tools integrated by Codacy

Codacy currently supports 7 client-side tools: 4 standalone and 3 containerized options. Let’s get to know them.

aligncheck (Containerized)

The check package is a linter tool for the Go programming language, with a set of 3 utilities. Aligncheck detects align errors, varcheck finds unused global variables and constants, and structcheck finds unused struct fields. Note that structcheck doesn’t handle embedded structs yet. Check out our instructions on how you can run check with Codacy. 

Clang-Tidy (Standalone)

The Clang tools are a set of linter tools for C, C++, and Objective-C programming languages.  Its goal is to diagnose and fix typical programming errors, such as interface misuse, style violations, and overall programming bugs. It checks more than 300 common bug patterns, including critical security and performance errors. Check out our instructions on how you can run Clang-Tidy with Codacy. 

deadcode (Containerized)

The deadcode tools is a tool for Go programming language, which detects unused declarations in a Go package.  Check out our instructions on how you can run deadcode with Codacy. 

Faux Pas (Standalone)

The Faux Pas tool is a tool for Objective-C programming language, which detects bugs, maintainability, and style issues. Besides code, it also analyses Xcode IDE for project configurations, interface builder files, static assets such as images, and version control issues. Check out our instructions on how you can run Faux Pas with Codacy. 

Gosec (Standalone)

The Gosec tool is a security checker for Go programming language. It inspects code for security problems by scanning the Go AST. Check out our instructions on how you can run Gosec with Codacy. 

SpotBugs (Containerized)

The SpotBugs tool is a tool for Java and Scala programming languages. It is a fork of FindBugs (no longer maintained), and it checks more than 400 bug patterns. SpotBugs can be used standalone or through IDE integration (Ant, Maven, Grandle, and Eclipse). At Codacy, we bundled this tool with Find Security Bugs, a SpotBugs plugin for security audits of web applications, which also integrates with your IDE (Ant, Maven, Eclipse, IntelliJ, Android Studio, and NetBeans). Check out our instructions on how you can run SpotBugs (and Find Security Bugs) with Codacy. 

Staticcheck (Standalone)

The Staticheck tool is a linter tool for Go programming language. It performs more than 100 checks, with the goals of detecting bugs and performance issues, offering simplifications, and enforcing style rules. Check out our instructions on how you can run Staticcheck with Codacy. 

Are you already a Codacy user and want to advance to the next level? We’ll be tackling a few helpful tools and features that you might not know about and teach you how to set them up.

Webinar announcement (Blog Banner)

Join us in our Masterclass: Continuous Code Quality — Take your DevSecOps to the next level with Codacy. See you there!

👉 Where: https://bit.ly/3r7WRRo
👉 When: February 2nd 2022, 5pm UTC

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news, offers and special announcements.

Recent posts

Becoming a Code Review Master

On September 20th, we did a webinar called Becoming a Code Review Master. Guest speaker Curtis Einsmann, former AWS engineer and...

Announcing our Series B

Hi there.  Today we’re glad to announce that we raised our Series B of $15M led by...

How to tackle technical debt (for teams using Scrum)

Technical debt happens in all software projects, regardless of the programming languages, frameworks, or project methodologies used. It is a common...

Who should care about code coverage

Code coverage tells us what percentage of our code is covered by tests. There are different code coverage types, and a...

9 challenges of managing PRs and how to solve them

Developers have been using Pull Requests to review code on branches before it reaches master for a very long time. However,...