Codacy Reviews

I've used codacy for about an year now and I can say that it has been an amazing experience till now.

The intended purpose to onboard Codacy as the code quality and security analysis tool has been fulfilled. My team's overall code quality has improved significantly by using codacy. We have extensively used it to fix syntaxes, detect and remove hardcodings, and improve any redundancy in the code.

In addition to code quality, its integration with pull requests and project management tools such as Jira has helped me to manage code reviews and quality efficiently.

Codacay is an amazing tool but here are some nitpicking improvements that can be implemented:

-Running code analysis on large databases sometimes takes a longer time or gets stuck and requires reanalysis.

-A little more flexibility in customizing our own rules tailored specifically to the project needs won't harm.

Codacy is solving the problem of improving the overall code quality and identifying and resolving the quality issues during the early stages of development.

The Codacy team follows up and ensures that we are getting the most out of the platform. My team members consider it crucial to the success of our projects. It is quite easy to integrate and does its job without human interaction.

I would like to see them branch out into more features like dependency scanning for vulnerable or unsupported versions of depended libraries.

It helps us weed out low quality code. It also helps to maintain style standards within our codebase.

I'm an open source project maintainer. Given that I'm already donating thousands of hours of my time on my project, I absolutely love products which offer their tools free to Open Source projects. There are a variety of CI tools available, and no one tool checks every box, but Codacy is one that is really helpful to include. The most helpful feature for me is pull request integration; it notices issues and prompts authors to fix them before I even get a chance to review! It also has the most useful "duplicate detection" algorithms of any of the CI tools I've used, enabling me to refactor and simplify code.

It is immensely configurable as to choosing what patterns to look for, but the categories are very broad so there are still hundreds of rules to try to sort through and activate. A narrower classification than "error prone" would help me methodically review and fine tune my rules rather than trusting "add all" and eliminating the false positives.

Codacy is quickly finding basic problems in PRs before they even reach a human reviewer, improving the quality of all code additions with no additional maintainer time. It also provides tools on its dashboard to hunt down and improve older code when time is available.

I have used Codacy for various projects, both in closed and open source development. I found Codacy to be a very flexible tool for ensuring common coding standards and detecting possible code issues early.

- Support for a large variety of programming and markup languages. Even medium-sized projects quickly use a multitude of languages. For example, in addition to the project's primary programming languages, there might be parts written in, e.g., C or JavaScript; the build makes use of Makefiles or shell scripts; the configuration is provided in XML or JSON; infrastructure is configured with Docker and Terraform etc. Codacy allows me to monitor code quality for all these parts of an application in one place.

- Flexible configuration by using configuration files. While you can also configure the tools in the Codacy UI, it allows you to have the rules for code analysis saved in configuration files as part of the analyzed project. That enables the team to easily adjust the rules to their needs while having the configuration versions controlled and documented.

- Integration into your CI workflow: I have used Codacy with both GitHub and Gitlab. The integration into the CI process gives instant feedback to developers and allows the team to ensure that only validated code makes it into the project.

Due to many supported languages, the detailed configuration of the rules can require some research. Here Codacy could improve the process by linking to the relevant documentation for the corresponding configuration file.

Codacy provides static code analysis, which helps set common coding standards for the project team and find potential bugs and security issues early. This results in overall better project quality. In addition, with Codacy, I can use a single tool for my projects instead of relying on various separate tools for each programming language.

As an author of an open-source product, it is very important to check the quality of the code, and he can help us quickly know the bad taste of the code.

No， I think it has been perfect and I have recommended all my community friends and open-source authors to use it.

For an open source project. It helps us standardize the code, makes everyone work well together, and also helps the project detect different system vulnerabilities, making open source software better and better

C++ is a complex language that is easy to use in the wrong way. The integration of Codacy into our CI setup on Github ensures that our quality requirements are checked on every pull request. This ensures the high quality of our codebase.

We'd like to see more tools on Codacy that target C++. Otherwise we have no remarks are very happy with what is available.

We use Codacy to ensure that certain quality requirements with regards to using C++ properly are being met. Having Coday automatically running tests for every pull-request ensures that all contributions made by our developers conform to the same high quality standards.

I use codacy in my open source projects, and helps me a lot reviewing all the pull requests. I can see if there are some issues that could lead to errors, or some duplicated code that needs to be refactored. The integration with GitHub is one of my favorite feature, since the pull requests errors can be seen directly on the line of code. From their website you can also ignore some files or directories that doesn't need checks, like tests or demo projects, or anything that is not production and can have issues.

Something that required me some time to understand how it works it's the Code Pattern settings page, there are a lot of tools for checking the code, and understanding all the options is not always clear, but once configured. I had hard times migrating from TSLint to ESLint, since some rules were different, and I don't remember any migration tool. Anyway, once set up it works perfectly. Something's missing is a monorepo support, I have different ESLint configurations between all the packages, and you have to find your minimum common rules to set on the Code Pattern settings page, to avoid more issues than expected.

If you want to review the code on your project, yours or other developers', this project is what you're looking for

When I started the project on GitHub I was concerned about contributions from other developers, since their coding style could be different from mine, or some bugs that can be introduced by them. Codacy helps me find issues in everyone's code, also mine since I do pull request to my repository as well, and it's easy to give a feedback to the contributors.

- Easy integration as part of your development flow, including this tool on the PRs check and aligning everyone on the team to the defined code quality standards.

- Simple sharing of existing static code configuration between the project and the platform allows you to keep only one source of truth.

- Dashboard and monitoring make it easy to visualize and track the tech debt and all quality standards from one place.

- Reduce the time on the code reviews, important for large teams and not only. Allowing engineers to focus completely on the logic, edge cases, architecture decisions rather than code style, code duplication, issues, etc...

- Self-hosted solution, is especially important for large companies where the source code needs to complain about internal security standards.

- BONUS: Company principles, by supporting open-source projects and startups. Definitely, something that large companies should take note of.

- No SOC2 certification, it may be something important if your organisation have some security standards about third parties, but possible to address it by using a self-hosted solution. Unfortunately, this makes the integration a bit more difficult. Apparently, they are working on getting it (roadmap https://roadmap.codacy.com/c/74-soc2-compliance).

I started using SonarQube and then moved to SonarCloud for all code static analysis time long ago for my personal projects but also for large company projects where it's especially important to design and build solutions that are scalable, maintainable and testable. Because those code solutions need to follow strict standards to keep them consistent with the different devs/teams. With Codacy I'm taking advantage of all the potential of the previously mentioned platforms that I used since my beginnings but also have additional powerful features like monitoring quality dashboard, seamless user management, tackling technical debt, configuration file support, identifying security issues and more.

- Easy Integration

- Clean Interface

- Coverage Support

- GitHub integration

- Fast feedback

- No detailed Coverage statistics with graph

- Main Screen shows the issues with percentage, hard to see improvements in graph in big projects

- Code quality

- Lint Check

- Coverage Check

Codacy helped me a lot to improve my code, it's a great platform and a 'code mentor', I'd recommend it to anyone. I used other tools before and after starting to use Codacy but I found this as the better tradeoff between ease of use and quality.

False positives, I had to disable some patterns because it was unable to correctly analyze the code, and that is somewhat a boring task, and you also have to remind yourself to enable them again after.

Code quality, my code has improved a lot and I like to have a clean code. Codacy as a mentor and providing comments on how to solve the issues and flagging certain security vulnerabilities as well, it certainly helped a lot. Thank you for that.