This is the docker engine we use at Codacy to have Semgrep support.
You can create the docker by doing:
docker build --build-arg TOOL_VERSION=$(cat .tool_version) -t codacy-semgrep:latest .The docker is ran with the following command:
docker run -it -v $srcDir:/src codacy-semgrep:latest-
Update the version in
.tool_version -
Get the latest commit for the
releasebranch from the github.com/semgrep/semgrep-rules repo and update it in DocGenerator fileinternal/docgen/parsing.go. -
Run the DocGenerator:
go run ./cmd/docgenWe use the codacy-plugins-test to test our external tools integration. You can follow the instructions there to make sure your tool is working as expected.
Codacy is an Automated Code Review Tool that monitors your technical debt, helps you improve your code quality, teaches best practices to your developers, and helps you save time in Code Reviews.
- Identify new Static Analysis issues
- Commit and Pull Request Analysis with GitHub, BitBucket/Stash, GitLab (and also direct git repositories)
- Auto-comments on Commits and Pull Requests
- Integrations with Slack, HipChat, Jira, YouTrack
- Track issues in Code Style, Security, Error Proneness, Performance, Unused Code and other categories
Codacy also helps keep track of Code Coverage, Code Duplication, and Code Complexity.
Codacy supports PHP, Python, Ruby, Java, JavaScript, and Scala, among others.
Codacy is free for Open Source projects.