Commit

Merge branch 'master' into DOCS-708-add-org-configuration
nicklem authored Aug 12, 2024
2 parents f605ef3 + d13ab9b commit 353c13a
Showing 18 changed files with 209 additions and 14 deletions.
4 changes: 4 additions & 0 deletions docs/assets/includes/paid.md
Expand Up @@ -9,3 +9,7 @@
<!--paid-feature-start-->
!!! info "This is a [paid feature](https://www.codacy.com/pricing)"
<!--paid-feature-end-->

<!--paid-feature-business-start-->
!!! info "This feature is [only available on Business plan](https://www.codacy.com/pricing)"
<!--paid-feature-business-end-->
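Review bot: the new admonition text "This feature is [only available on Business plan]" drops the article and pulls "only available on" into the link text, unlike the existing "This is a [paid feature]" block just above it. Suggest `!!! info "This feature is available only on the [Business plan](https://www.codacy.com/pricing)"`, and use "the Business plan" in the other files of this change that say "On Business plan" or "only on Business plan".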
5 changes: 5 additions & 0 deletions docs/faq/general/does-codacy-keep-audit-logs.md
@@ -0,0 +1,5 @@
# Does Codacy keep audit logs for my organization?

On [Business plan](https://www.codacy.com/pricing), Codacy logs significant organization events that can be retrieved for audit reporting.

See [Audit logs for organizations](../../organizations/audit-logs-for-organizations.md) for the complete list of events that Codacy logs, and how to obtain audit log data.
6 changes: 3 additions & 3 deletions docs/getting-started/supported-languages-and-tools.md
Expand Up @@ -156,7 +156,7 @@ The table below lists all languages that Codacy supports and the corresponding t
<td><a href="https://github.com/dart-lang/sdk/tree/main/pkg/analyzer_cli">dartanalyzer</a> <a href="#dart-limitations"><sup>5</sup></a></td>
<td>-</td>
<td><a href="https://trivy.dev">Trivy</a></td>
<td>-</td>
<td><a href="https://trivy.dev">Trivy</a>, scans <br><code>pubspec.lock</code></td>
<td><a href="https://github.com/kucherenko/jscpd">jscpd</a></td>
<td>-</td>
</tr>
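Review bot: in the new cell `<td><a href="https://trivy.dev">Trivy</a>, scans <br><code>pubspec.lock</code></td>`, the `<br>` sits after "scans", so the rendered cell ends a line on "Trivy, scans" and puts the file name alone on the next one. Move the break before "scans" or drop it; the same pattern is repeated in the other two cells this change adds to the table.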
Expand Down Expand Up @@ -202,7 +202,7 @@ The table below lists all languages that Codacy supports and the corresponding t
<td><a href="https://semgrep.dev/">Semgrep</a> <a href="#suggest-fixes">🔧</a></td>
<td><a href="https://semgrep.dev/">Semgrep</a>,
<a href="https://trivy.dev">Trivy</a></td>
<td>-</td>
<td><a href="https://trivy.dev">Trivy</a>, scans <br><code>go.mod</code></td>
<td><a href="https://pmd.github.io/pmd/pmd_userdocs_cpd.html">PMD CPD</a></td>
<td><a href="https://github.com/fzipp/gocyclo">Gocyclo</a></td>
</tr>
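Review bot: the new cell in the row that lists Gocyclo names only `go.mod` as the file Trivy scans. If `go.sum` is also read in this setup, list it here; if it is not, say so, because readers will otherwise assume the whole module graph is covered.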
Expand Down Expand Up @@ -277,7 +277,7 @@ The table below lists all languages that Codacy supports and the corresponding t
<a href="https://semgrep.dev/">Semgrep</a> <a href="#semgrep"><sup>1</sup></a></td>
<td>-</td>
<td><a href="https://semgrep.dev/">Semgrep</a></td>
<td>-</td>
<td><a href="https://trivy.dev">Trivy</a>, scans <br><code>pom.xml</code> and <code>gradle.lockfile</code></td>
<td><a href="https://github.com/kucherenko/jscpd">jscpd</a></td>
<td><a href="https://github.com/detekt/detekt">detekt</a></td>
</tr>
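Review bot: the new cell in the row that lists detekt says Trivy scans `pom.xml` and `gradle.lockfile`, but a `gradle.lockfile` exists only when Gradle dependency locking is enabled, so a Gradle project without it gets no dependency findings and no hint why. Add a footnote next to the cell stating that the lockfile must be generated and committed for the scan to pick it up.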
70 changes: 70 additions & 0 deletions docs/organizations/audit-logs-for-organizations.md
@@ -0,0 +1,70 @@
---
description: List of events that Codacy can log for an organization.
---

# Audit logs for organizations

{%
include-markdown "../assets/includes/paid.md"
start="<!--paid-feature-business-start-->"
end="<!--paid-feature-business-end-->"
%}

Codacy logs important events in your organization, reflecting when your team members execute specific operations. This enables the generation of comprehensive reports to assist you with the audit process. For example, you can track who added a repository to Codacy, or changed the settings of a coding standard.

[Organization admins and organization managers](./roles-and-permissions-for-organizations.md) can obtain the audit log data of the organization events using the Codacy API endpoint [listAuditLogsForOrganization](https://api.codacy.com/api/api-docs#listauditlogsfororganization).

The retention period of audit logs for organization events is one year.

## Audit log events

Each audit log tracks when a Codacy user executed a specific operation in your organization using the Codacy app or the [Codacy API](https://api.codacy.com/api/api-docs#codacy-api). Each operation is identified by an **action**. For the detailed content of each audit log, see the [Codacy API reference](https://api.codacy.com/api/api-docs#listauditlogsfororganization).

The sections below list the events that Codacy logs for your organization at user, organization, and repository levels.

### User

|Event|Description|Action|
|-----|-----------|------|
|Log in|User logged in to Codacy|`user.login`|
|Create [account API token](../codacy-api/api-tokens.md#account-api-tokens)|New account API token created|`user.tokens.create`|
|Read account API token|List of account API tokens retrieved|`user.tokens.read`|
|Delete account API token|Account API token deleted|`user.tokens.delete`|

### Organization

|Event|Description|Action|
|-----|-----------|------|
|[Add organization](./what-are-organizations.md#adding-an-organization)|Organization added to Codacy|`organizations.create`|
|[Add people](./managing-people.md#adding-people) to organization|New people added to the organization|`organizations.people.create`|
|[Join organization](./managing-people.md#joining)|User joined the organization|`organizations.join`|
|Update [repository management permissions](./roles-and-permissions-for-organizations.md#change-analysis-configuration)|Repository management permissions updated|`organizations.analysisconfigurationminimumpermission.update`|
|Assign [organization manager role](./roles-and-permissions-for-organizations.md#managing-the-organization-manager-role)|Organization manager role assigned to a team member|`organizations.security.managers.create`|
|Revoke organization manager role|Organization manager role revoked from a team member|`organizations.security.managers.delete`|
|Update [default Git provider configuration](./integrations/default-git-provider-integration-settings.md)|Default Git provider configuration for the organization updated|`organizations.integrations.providersettings.update`|
|Apply default Git provider configuration to all repositories|Default Git provider configuration applied to all repositories of the organization|`organizations.integrations.providersettings.apply`|
|Create new organization hook|New organization webhook created|`organizations.settings.hooks.create`|
|Create new [gate policy](./using-gate-policies.md)|New gate policy created|`organizations.gatepolicies.create`|
|Update gate policy|Quality gate definition updated|`organizations.gatepolicies.update`|
|Apply gate policy to repositories|Gate policy applied to a list of repositories|`organizations.gatepolicies.repositories.apply`|
|Make gate policy default|Gate policy was made the default for the organization|`organizations.gatepolicies.setdefault`|
|Make Codacy gate policy default|Built-in Codacy gate policy was made the default for the organization|`organizations.gatepolicies.setcodacydefault`|
|Delete gate policy|Gate policy deleted|`organizations.gatepolicies.delete`|
|Create new [coding standard](./using-coding-standards.md) using preset sensitivity levels|New coding standard created|`organizations.presetsstandards.create`|
|Create new coding standard draft using individual language and code pattern settings|New coding standard draft created|`organizations.codingstandards.create`|
|Create new coding standard from draft|New coding standard created|`organizations.codingstandards.promote`|
|Update coding standard from draft|Coding standard updated|`organizations.codingstandards.promote`|
|Apply coding standard to repositories|Coding standard applied to a list of repositories|`organizations.codingstandards.repositories.apply`|
|Make coding standard default|Coding standard was made the default|`organizations.codingstandards.setdefault`|
|Delete coding standard|Coding standard deleted|`organizations.codingstandards.delete`|

### Repository

|Event|Description|Action|
|-----|-----------|------|
|Create new [post-commit hook](../repositories-configure/integrations/post-commit-hooks.md)|New repository hook created|`repositories.integrations.postcommithook`|
|Create [repository API token](../codacy-api/api-tokens.md#repository-api-tokens)|New repository API token created|`repositories.tokens.create`|
|Read repository API token|List of repository API tokens retrieved|`repositories.tokens.read`|
|Delete repository API token|Repository API token deleted|`repositories.tokens.delete`|
|Update Git provider integration settings<br>([GitHub](../repositories-configure/integrations/github-integration.md#configuring), [Bitbucket](../repositories-configure/integrations/bitbucket-integration.md#configuring), or [GitLab](../repositories-configure/integrations/gitlab-integration.md#configuring))|Git provider integration settings for the repository updated|`repositories.integrations.providersettings.update`|
|Refresh Git provider integration<br>(applies only to [Bitbucket](../repositories-configure/integrations/bitbucket-integration.md#refreshing) and [GitLab](../repositories-configure/integrations/gitlab-integration.md#refreshing))|Git provider integration for the repository refreshed|`repositories.integrations.refreshprovider`|
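Review bot: in the Organization table, "Create new coding standard from draft" and "Update coding standard from draft" both map to `organizations.codingstandards.promote`, so anyone filtering audit data by action cannot tell a newly created standard from a change to an existing one. If the API really emits the same action for both, merge the two rows or state it explicitly and name the log field that distinguishes them. Two smaller points in the same hunk: the "Update gate policy" row describes the event as "Quality gate definition updated" while every neighbouring row says "gate policy", and the "Create new post-commit hook" row uses `repositories.integrations.postcommithook` with no `.create` segment, unlike `organizations.settings.hooks.create`, so please confirm that string against the API.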
31 changes: 29 additions & 2 deletions docs/organizations/roles-and-permissions-for-organizations.md
Expand Up @@ -199,6 +199,15 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Obtain audit logs for organization events<sup>5</sup></td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="no">No</td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td class="no">No</td>
Expand All @@ -223,7 +232,8 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
<sup>1</sup>: Outside collaborators aren't supported as members of organizations on Codacy. You can still [add outside collaborators to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
<sup>4</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
<sup>4</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
<sup>5</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).

## Permissions for GitLab

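Review bot: footnote 4 shows up as an old and a new line with identical visible text, so that part of the change is whitespace only, presumably trailing spaces to force a line break before the new footnote 5. Trailing spaces are easy to lose to trim-on-save in editors; an explicit `<br/>`, which this file already uses inside table cells, would keep the footnotes on separate lines more reliably.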
Expand Down Expand Up @@ -353,6 +363,15 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Obtain audit logs for organization events<sup>4</sup></td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="no">No</td>
<td colspan="2" class="no">No</td>
<td class="yes">Yes</td>
<td colspan="2" class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td class="no">No</td>
Expand All @@ -377,6 +396,7 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
<sup>1</sup>: External users aren't supported as members of organizations on Codacy. You can still [add external users to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
<sup>4</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).

## Permissions for Bitbucket

Expand Down Expand Up @@ -465,6 +485,12 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Obtain audit logs for organization events<sup>4</sup></td>
<td colspan="2" class="no">No</td>
<td class="yes">Yes</td>
<td class="yes">Yes</td>
</tr>
<tr>
<td>Invite and accept members,<br/>modify billing</td>
<td colspan="2" class="no">No</td>
Expand All @@ -482,7 +508,8 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre

<sup>1</sup>: Codacy can't distinguish the Bitbucket roles Read and Write because of a limitation on the Bitbucket API.
<sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
<sup>4</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).

## See also

85 changes: 85 additions & 0 deletions docs/release-notes/cloud/cloud-2024-06.md
@@ -0,0 +1,85 @@
---
rss_title: Codacy release notes RSS feed
rss_href: /feed_rss_created.xml
description: Release notes for Codacy Cloud June 2024.
included_jira_versions: ['2024.06']
codacy_tools_version_old: https://github.com/codacy/codacy-tools/releases/tag/7.14.11
codacy_tools_version_new: https://github.com/codacy/codacy-tools/releases/tag/7.16.17
---

# Cloud June 2024

These release notes are for the Codacy Cloud updates during June 2024.

📢 [Visit the Codacy roadmap](https://roadmap.codacy.com) and <span class="skip-vale">let us know</span> your feedback on both new and planned product updates!

## Product enhancements

- You can now [filter Security and Risk Management findings by scan type](../../organizations/managing-security-and-risk.md#scan-types) to see results based on the detection method, including Code Scanning, Software Composition Analysis, Exposed Secrets, Infrastructure as Code, and Penetration Testing. (TCE-1028)
- For increased security, Codacy now sets [automatic expiration timeouts](../../account/user-session-management.md) for every session. (PLUTO-879)
- The Codacy configuration file now supports a [new field `include_paths`](../../repositories-configure/codacy-configuration-file.md#include-files) that lets you explicitly specify files or directories to include in the analysis. This is particularly useful for bypassing files or directories that are ignored by default or specified in `exclude_paths`. (TCE-977)
- Codacy can now detect duplicated code in the following languages: CoffeeScript, Elixir, Groovy, Objective C, Rust, Visual Basic (TCE-1021)

## Bug fixes

- Fixed an issue that caused missing data in the user interface when navigating the Gate policies settings in the Codacy app. (PLUTO-918)
- Fixed an issue that caused discrepancies in reported coverage variation values. (TCE-948)
- Fixed a case-sensitivity issue when analyzing file paths in coverage reports. (TCE-982)

## Deprecations

- On June 5th, Codacy [stopped sending status checks from the old Coverage engine](./cloud-2023-11-23-new-coverage-engine-status-checks.md#deprecation-and-removal-calendar-for-the-old-coverage-engine-status-checks). (ALA-767)

## Tool versions

Codacy Cloud now includes the tool versions below. The tools that were recently updated are highlighted in bold:

- Ameba 1.5.0
- Bandit 1.7.5
- Brakeman 4.3.1
- bundler-audit (deprecated) 0.9.1
- Checkov 3.2.79
- Checkstyle 10.13.0
- Clang-Tidy 10.0.1
- CodeNarc 3.3.0
- CoffeeLint 5.2.11
- Cppcheck 2.13.0
- Credo 1.7.2
- CSSLint (deprecated) 1.0.5
- **[dartanalyzer 3.4.2](https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md) (updated from 3.3.4)**
- detekt 1.23.5
- ESLint 8.57.0
- ESLint (deprecated) 7.32.0
- Faux-Pas 1.7.2
- Flawfinder 2.0.19
- Gosec 2.15.0
- **[Hadolint 2.12.0](https://github.com/hadolint/hadolint/releases/tag/v2.12.0) (updated from 1.18.2)**
- Jackson Linter 2.15.2
- JSHint (deprecated) 2.13.6
- markdownlint 0.33.0
- PHP Mess Detector 2.14.1
- PHP_CodeSniffer 3.9.2
- PMD 6.55.0
- Prospector 1.10.3
- PSScriptAnalyzer 1.21.0
- Pylint 3.1.0
- Pylint (deprecated) 1.9.5
- remark-lint 9.1.2
- Revive 1.3.7
- **[RuboCop 1.64.1](https://github.com/rubocop/rubocop/releases/tag/v1.64.1) (updated from 1.63.1)**
- Scalastyle 1.5.1
- **[Semgrep 1.77.0](https://github.com/semgrep/semgrep/releases/tag/v1.77.0) (updated from 1.68.0)**
- ShellCheck v0.9.0
- SonarC# 9.23
- SonarVB 8.15
- Spectral 1.18.1
- SpotBugs 4.8.3
- SQLint 0.2.1
- Staticcheck 2023.1.6
- **[Stylelint 16.6.1](https://github.com/stylelint/stylelint/releases/tag/16.6.1) (updated from 15.10.3)**
- SwiftLint 0.54.0
- Tailor 0.12.0
- **[Trivy 0.52.2](https://github.com/aquasecurity/trivy/releases/tag/v0.52.2) (updated from 0.49.1)**
- TSLint (deprecated) 6.1.3
- TSQLLint 1.11.1
- Unity Roslyn Analyzers 1.19.0
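Review bot: in the `include_paths` bullet, "particularly useful for bypassing files or directories that are ignored by default or specified in `exclude_paths`" reads as if the field skips those files, which contradicts the first sentence of the same bullet. Suggest "particularly useful for analyzing files or directories that would otherwise be ignored by default or excluded by `exclude_paths`". Minor: the duplicated-code bullet (TCE-1021) is the only one in the list missing the period before its ticket reference.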
1 change: 1 addition & 0 deletions docs/release-notes/index.md
Expand Up @@ -18,6 +18,7 @@ For product updates that are in progress or planned [visit the Codacy public roa

2024

- [Cloud June 2024](cloud/cloud-2024-06.md)
- [Cloud May 2024](cloud/cloud-2024-05.md)
- [Cloud April 2024](cloud/cloud-2024-04.md)
- [Cloud March 2024](cloud/cloud-2024-03.md)
4 changes: 2 additions & 2 deletions docs/repositories-configure/configuring-code-patterns.md
Expand Up @@ -23,7 +23,7 @@ To configure the tools and code patterns for a repository using the Codacy UI:

![Toggling tools](images/code-patterns-toggle-tools.png)

1. Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by [issue category](../faq/code-analysis/which-metrics-does-codacy-calculate.md#issues), status, or severity level.
1. Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by [issue category](../faq/code-analysis/which-metrics-does-codacy-calculate.md#issues), status, severity level, or display only recommended code patterns.

To see an explanation of the issues that a pattern detects and how to fix them, click the respective dropdown arrow.

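Review bot: the reworded last sentence of step 1 is not parallel: "You can filter by [issue category], status, severity level, or display only recommended code patterns" runs three nouns into a verb phrase. Suggest "You can filter by issue category, status, or severity level, or display only recommended code patterns."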
Expand Down Expand Up @@ -97,7 +97,7 @@ The table below lists the configuration file names that Codacy detects and suppo
<tr>
<td><a href="https://docs.openstack.org/bandit/latest/config.html">Bandit</a></td>
<td>Python</td>
<td><code>bandit.yml</code>, <code>.bandit</code></td>
<td><code>bandit.yml</code>, <code>bandit.yaml</code>, <code>.bandit</code>, <code>bandit.toml</code>, <code>bandit.ini</code></td>
<td>To solve flagged valid Python "assert" statements, create a <code>bandit.yml</code> on the root of the repository containing: <code>skips: \['B101'\]</code></td>
</tr>
<tr>
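Review bot: the file-name cell now also lists `bandit.yaml`, `bandit.toml` and `bandit.ini`, but the notes cell beside it still only tells the reader to create `bandit.yml` containing `skips: \['B101'\]`, which is YAML syntax. Either say that the example applies to the YAML files and which file takes precedence when several are present, or add the equivalent setting for the other formats.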
Binary file modified docs/repositories-configure/images/code-patterns-cs-detach.png
Binary file modified docs/repositories-configure/images/code-patterns.png
Binary file modified docs/repositories/images/issues-filter.png
Binary file modified docs/repositories/images/issues.png
10 changes: 5 additions & 5 deletions docs/repositories/issues.md
Expand Up @@ -10,7 +10,7 @@ By default, the page lists the issues on the main branch of your repository but
![Issues page](images/issues.png)

<!--issue-details-start-->
Click the title of an issue to see the following information:
Click the title of an issue card to expand it and see the following information:

- The committer and date of the commit that introduced the issue, if available
- The estimated time to fix the issue
Expand All @@ -22,11 +22,13 @@ Click the title of an issue to see the following information:

## Filtering issues

Filter the list of issues to find specific issues, such as the issues with the highest severity or security issues:
Filter the list of issues to find specific issues, such as the issues with the highest severity or security issues.

The list of code patterns with issues is always visible on the left side of the page. Click a [code pattern](../repositories-configure/configuring-code-patterns.md) to filter the list of issues by that pattern.

![Filtering issues](images/issues-filter.png)

You can define one or more of the following filters:
You can moreover define one or more of the following filters:

- **Language:** Programming language of the file where the issues were detected

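Review bot: "You can moreover define one or more of the following filters" is stiff next to the plain wording of the rest of the page. Suggest "You can also define one or more of the following filters:", which still signals that these filters are in addition to the code pattern list described in the new paragraph above the screenshot.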
Expand All @@ -44,8 +46,6 @@ You can define one or more of the following filters:
end="<!--issue-categories-end-->"
%}

- **Pattern:** [Code pattern](../repositories-configure/configuring-code-patterns.md) that detected the issue

- **Author:** Commit author that introduced the issue on the code

!!! note