As part of our effort to continue expanding our language support, we are excited to announce the support of two new tools for all Codacy users: Clang-Tidy and SpotBugs.
Clang-Tidy is a tool for C and C++. Its purpose is to diagnose typical programming errors, like style violations, interface misuse, or bugs that can be deduced via static code analysis. It checks for more than 300 common bug patterns including critical security and performance flaws.
You can get started by following our Clang-Tidy guide.
SpotBugs (the successor of FindBugs) is a program which uses static code analysis to look for bugs in Java and Scala code. It checks for more than 400 bug patterns. We’ve also bundled Find Security Bugs: a SpotBugs plugin for security audits of Scala web applications. The issues reported cover the OWASP Top 10 and CWE standards.
Example of Potential Scala Slick Injection: WASC-19; CAPEC-66; CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’); OWASP: Top 10 2013-A1-Injection.
Last week we announced SpotBugs support to Codacy Self-hosted, which now is also available for all users. So if you use Java or Scala, you can already add the new security checks by following our SpotBugs guide.
Today, we are also announcing our plan to support even more tools – your tools.
We’re developing a new system called Client-side Tools that will let you standardize your code quality by reporting issues from your own linting tools and checkers to Codacy.
The Client-side Tools will allow running any tool either locally or as part of your CI pipeline and then integrate the results into your Codacy workflow. This way, Codacy will present the results coming from your tools alongside all the other code quality information in the dashboards.
The Client-side Tools will not only support private tools but also other use cases that you might be encountering in your current Codacy usage:
- Whether you are running a different version of a tool or plugin from the currently built-in tools on Codacy;
- You are running a tool with a private plugin;
- Running a tool with custom rules;
- Running a tool with advanced inspection capabilities that must have access to the compilation result.
Starting today, Self-hosted, Cloud and Open-source users will have access to Clang-Tidy and SpotBugs, which are the first version of Client-side Tools. We’ll continue to work on opening the system so that we can support more tools in the future.
Let us know what you think, we look forward to listening to your thoughts.
If you use GitHub, Bitbucket, or GitLab, you can get started with Codacy in just a few seconds.