Codacy gosec
A standalone tool that converts gosec results to Codacy's format. It allows the integration of gosec into your Codacy workflow.
How it works
- The tool receives as input the gosec result from stdin. The gosec result must be in JSON format.
- Converts the gosec result into Codacy's format
- Prints Codacy's format to stdout
NOTE: the tool must be run in the project root folder.
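To make the conversion concrete, here is an added Python sketch of the same transformation; it is not the project's own Scala code. The input field names (`Issues`, `rule_id`, `details`, `file`, `line`) are those of gosec's JSON report, and the output shape (a list of `{"tool", "issues"}` objects whose issues carry `filename`, `message`, `patternId`, `line`) is assumed to be what Codacy's remote-results endpoint accepts, since this README does not spell it out. It also shows why the tool must run from the project root: gosec emits absolute paths, and Codacy needs them relative to the repository.

```python
import json
import os
import sys

# Constructed sample of a gosec JSON report, trimmed to the fields the
# converter uses. gosec reports "line" as a string and may give a range.
SAMPLE_GOSEC_REPORT = {
    "Golang errors": {},
    "Issues": [
        {"severity": "HIGH", "confidence": "HIGH", "rule_id": "G101",
         "details": "Potential hardcoded credentials",
         "file": "/work/project/internal/auth.go", "line": "12", "column": "2"},
        {"severity": "MEDIUM", "confidence": "HIGH", "rule_id": "G104",
         "details": "Errors unhandled.",
         "file": "/work/project/cmd/main.go", "line": "40-42", "column": "1"},
    ],
}


def first_line(line_field):
    """gosec writes multi-line findings as "start-end"; keep the start line."""
    return int(str(line_field).split("-")[0])


def to_codacy(gosec_report, project_root):
    """Map a parsed gosec report onto the (assumed) Codacy remote-results shape.

    Paths are made relative to project_root, which is why the real tool has to
    be run from the repository root: an absolute path would not match any file
    Codacy knows about for the commit.
    """
    issues = []
    for issue in gosec_report.get("Issues", []):
        issues.append({
            "filename": os.path.relpath(issue["file"], project_root),
            "message": issue["details"],
            "patternId": issue["rule_id"],
            "line": first_line(issue["line"]),
        })
    return [{"tool": "gosec", "issues": issues}]


def convert(gosec_json_text, project_root):
    """stdin-to-stdout form: JSON text in, Codacy JSON text out."""
    return json.dumps(to_codacy(json.loads(gosec_json_text), project_root))


if __name__ == "__main__":
    # Same pipeline position as the real tool: gosec -fmt json ... | this script
    sys.stdout.write(convert(sys.stdin.read(), os.getcwd()))
```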
Usage
Requirements
To get your gosec results into Codacy you'll need to:
- Enable the setting “Run analysis through build server” under your repository Settings > General > Repository analysis
- Obtain a project API token
- Install gosec
Sending the results to Codacy
Sending the results of running gosec to Codacy involves the steps below, which you can automate in your CI build process:
- Run gosec
- Convert the gosec output to a format that the Codacy API accepts
- Send the results to Codacy
- Finally, signal that Codacy can use the sent results and start a new analysis
export PROJECT_TOKEN="YOUR-TOKEN"
export COMMIT="COMMIT-UUID"
gosec -fmt json -log log.txt ./... | \
./codacy-gosec-"<version>" | \
curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
-H "Content-type: application/json" -d @- \
"https://api.codacy.com/2.0/commit/$COMMIT/issuesRemoteResults"
curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
-H "Content-type: application/json" \
"https://api.codacy.com/2.0/commit/$COMMIT/resultsFinal"
For self-hosted installations:
export PROJECT_TOKEN="YOUR-TOKEN"
export COMMIT="COMMIT-UUID"
export CODACY_URL="CODACY-INSTALLATION-URL"
gosec -fmt json -log log.txt ./... | \
./codacy-gosec-"<version>" | \
curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
-H "Content-type: application/json" -d @- \
"$CODACY_URL/2.0/commit/$COMMIT/issuesRemoteResults"
curl -XPOST -L -H "project-token: $PROJECT_TOKEN" \
-H "Content-type: application/json" \
"$CODACY_URL/2.0/commit/$COMMIT/resultsFinal"
Building
Compile
sbt compile
Format
sbt ";scalafmt;test:scalafmt;sbt:scalafmt"
Tests
sbt test
Build native image (requires docker)
sbt "graalvm-native-image:packageBin"
Build fat-jar
sbt assembly
Generate documentation
cd doc-generation
go run main.go -docFolder=../docs
What is Codacy?
Codacy is an Automated Code Review Tool that monitors your technical debt, helps you improve your code quality, teaches best practices to your developers, and helps you save time in Code Reviews.
Among Codacy’s features:
- Identify new Static Analysis issues
- Commit and Pull Request Analysis with GitHub, BitBucket/Stash, GitLab (and also direct git repositories)
- Auto-comments on Commits and Pull Requests
- Integrations with Slack, HipChat, Jira, YouTrack
- Track issues in Code Style, Security, Error Proneness, Performance, Unused Code and other categories
Codacy also helps keep track of Code Coverage, Code Duplication, and Code Complexity.
Codacy supports PHP, Python, Ruby, Java, JavaScript, and Scala, among others.
Free for Open Source
Codacy is free for Open Source projects.