Welcome to the fourth and final quarterly Codacy Product Showcase event of 2024! Let’s dive right into the performance enhancements and new features we have to share.
Performance Improvements
This quarter, we focused on platform performance, specifically pod size and change processing. We also examined some cost improvements that allow us to run more parallel executions, considerably reducing our customers' scan times.
Segments for GitHub Custom Properties
If your team uses GitHub, this new feature will make your work much more manageable.
GitHub custom properties allow you to define and manage key-value pairs for repositories, workflows, or GitHub Actions, enabling more flexible automation and configuration. They help customize workflows by passing specific information or settings tailored to individual needs.
GitHub Custom Properties as Segments allows you to group repositories on the Repository list page.
Keep your GitHub custom properties synced with Codacy by approving the updated permissions for the GitHub App. Use them to filter your organization's repository list and, soon, Security and Risk Management information.
You can also use GitHub custom properties from the Security and Risk Management (SRM) tab. This works just like the repository segment filter.
Once you’ve set them up on GitHub, sync those segments on the Codacy website, and voilà—you can filter the SRM dashboard by the segments that matter to you most.
Check out the complete blog post to learn more about the feature and understand how it works.
New Code Coverage Page
Say “hello” to our new Coverage page! We’ve created a simplified new Coverage dashboard with the most critical insights and recommendations to improve coverage in your repository.
The new Coverage page summarizes the coverage metrics, the coverage status of all open pull requests, and highlights files with either issues or high complexity with low coverage.
To dive deeper into the new Coverage page and how it can help your team keep code coverage percentages up, check out this blog post.
Code Patterns Discovery
Discovering patterns is now easier than ever. We changed the code pattern discovery flow to make the process more intuitive.
Pattern discovery is a meta-search tool that looks for patterns in all tools, enabled or disabled.
It is ideal for checking whether you are controlling a specific risk in all languages and in all possible ways.
Stackable Coding Standards
You can now apply multiple coding standards to a single repository, allowing managers and teams to better define and maintain their quality standards.
When multiple coding standards are applied to a repository, all patterns required by any of the selected standards are analyzed.
Developers can also enable additional patterns not mandated by the chosen standards. This streamlines enforcing organization-wide compliance while allowing developers to customize their individual repositories further.
Check out this blog post to see how it works in more detail.
What’s New With Codacy Security?
Our Business tier users now have access to proactive software composition analysis (SCA) scans, which means that all their repos are safe, even ones that are rarely updated (legacy services, libraries, etc.).
Every day, we update our vulnerability database and analyze all repositories with the Trivy security tool enabled to look for security issues. The results are then published to our Security and Risk Management page and sent directly to Slack if the integration is enabled.
We’ve split the “Insecure dependencies detection” into different rules by vulnerability severity so that more detailed results show up, helping our users identify what really matters for their code.
This means that Trivy now has three patterns for vulnerable dependencies instead of one: Critical, Medium, and Minor. All repositories and standards with the previous pattern enabled will now have these three patterns enabled.
For a more detailed look into this new feature, check out the full blog post.
What’s next for Codacy Security? Soon, you can expect software bill of materials (SBOM) and license scanning, as well as exciting additions to our dynamic application security testing (DAST) pipeline.
If you missed the October 2024 Product Showcase, you can watch the full video here:
Until next time,
The Codacy Team