Fun Open-Source Tools to Check Out in 2025

We at Codacy are all about open-source tools.
We run 35 of them for your code quality and security convenience. But there’s a much wider world of code scanners out there than we’ve managed to integrate into Codacy so far!
So, I thought I’d drop a note with a few fun tools we’ve been messing around with here.
OWASP ZAP
We already let you send your ZAP reports from your CI/CD into Codacy to get your DAST results alongside your SAST, IaC, Secrets, SCA, and pen testing results in our Security and Risk Management dashboard.
However, we really want to be more plug-and-play than that, so soon, we’ll launch DAST scanning using ZAP, all handled within Codacy itself, for our business-tier customers.
Until then, you can run ZAP manually or from your CI/CD.
Gitdiagram
Gitdiagram takes your GitHub code and draws a diagrammatic representation of it using AI. Utterly ingenious.
We’ve tested it out on a couple of sample repos. Below is codacy-coverage-reporter, our open-source tool for posting code coverage results to us, and it does a decent job of laying out what’s going on.
Legitify
Legitify scans your GitHub or GitLab projects for policy violations, such as merges that do not require two approvals or TFA not being enforced, and checks many other security and quality-of-life settings.
Also, nicely, it doesn’t bomb out if you don’t give it every single permission it needs on the GH token to scan deeply; it just marks those tests as skipped. So even if you are wary of launching it with all the permissions that it wants, you can still get some valuable results out of it.
Here are the results from one of our internal GitHub test organizations:
Infracost
On the DevOps side, Infracost will scan your code. Once a baseline is established, when you make a pull request (PR) with infra changes, it will lay out projected cost changes right there in the PR on GitHub.
I love this because it is so close to how Codacy operates. It gives you high-value feedback when and where you are interested rather than hiding it in some third-party UI.
Google Lighthouse
Google Lighthouse is a combination SEO/page weight and accessibility scanner. With the EU’s Accessibility Act coming into force in July, many European businesses will need GDPR-level compliance on web accessibility topics.
Lighthouse leverages aXe, an open-source accessibility testing engine, behind the scenes. You get both scoring on a load of metrics and actionable findings that you can remediate to improve, particularly in the accessibility space.
If you’re interested in accessibility, by the way, Codacy already implements 50 accessibility rules for JS/TS and CSS through our open-source tools ESLint and Stylelint.
Use the “discover patterns” button on your coding standards/repo code patterns page and type “a11y” as the search term:
Hope some of that piqued your interest! If so, sign up for a free Codacy trial and see if you can integrate them into your code quality and security workflow today!