diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml index 9b1cdbbdcd..3fc3e6d13e 100644 --- a/.github/workflows/scheduled.yml +++ b/.github/workflows/scheduled.yml @@ -13,7 +13,7 @@ jobs: - name: Check for broken links id: lychee - uses: lycheeverse/lychee-action@v1.8.0 + uses: lycheeverse/lychee-action@v1.9.0 with: args: --verbose ./docs/**/*.md ./submodules/chart/docs/**/*.md jobSummary: true diff --git a/docs/faq/troubleshooting/we-no-longer-have-access-to-this-repository.md b/docs/faq/troubleshooting/we-no-longer-have-access-to-this-repository.md index 28c94186d4..1420be8bd8 100644 --- a/docs/faq/troubleshooting/we-no-longer-have-access-to-this-repository.md +++ b/docs/faq/troubleshooting/we-no-longer-have-access-to-this-repository.md @@ -17,7 +17,7 @@ If you renamed the repository or moved it to a different account on the Git prov !!! info "This section applies only to GitLab and Bitbucket" -Codacy uses SSH keys to clone your private repositories. Depending on the level of access that the user configuring the repository on Codacy has on the remote Git provider, an SSH key can be added either: +On GitLab and Bitbucket organizations, Codacy uses SSH keys to clone your private repositories. Depending on the level of access that the user configuring the repository on Codacy has on the remote Git provider, an SSH key can be added either: - Directly to the repository itself, if the user has permissions to add SSH keys to the repository - To the user account, if the user only has read or commit permissions on the repository 
@@ -30,7 +30,7 @@ If the user that initially configured the repository on Codacy was using a user This is only possible if the user configuring the integration with the remote Git provider has administrator access to the repository. Otherwise, this operation will fail. Alternatively, you can do this process manually by copying the SSH key. !!! note - If [your repository is using submodules on Codacy](../../repositories-configure/using-submodules.md), add a new SSH user key to your git provider account instead. + If [your repository is using submodules on Codacy](../../repositories-configure/using-submodules.md), add a new SSH user key to your Git provider account instead. ![Generate new key](images/we-no-longer-have-access-to-this-repository-new-key.png) diff --git a/docs/getting-started/supported-languages-and-tools.md b/docs/getting-started/supported-languages-and-tools.md index 70406b9b68..fd9e9fd4d6 100644 --- a/docs/getting-started/supported-languages-and-tools.md +++ b/docs/getting-started/supported-languages-and-tools.md @@ -72,7 +72,7 @@ The table below lists all languages that Codacy supports and the corresponding t Checkov - Checkov, - Trivy 2 + Trivy 2 - - - @@ -88,7 +88,7 @@ The table below lists all languages that Codacy supports and the corresponding t C - Clang-Tidy3, + Clang-Tidy 3, Cppcheck, Flawfinder, Semgrep 1 @@ -100,8 +100,8 @@ The table below lists all languages that Codacy supports and the corresponding t C++ - Clang-Tidy3, - Cppcheck4, + Clang-Tidy 3, + Cppcheck 4, Flawfinder, Semgrep 1 - @@ -149,7 +149,7 @@ The table below lists all languages that Codacy supports and the corresponding t Dart - dartanalyzer5 + dartanalyzer 5 - Trivy Trivy, scans
pubspec.yaml (pub) @@ -187,12 +187,12 @@ The table below lists all languages that Codacy supports and the corresponding t Go - aligncheck3, - deadcode3, - Gosec3, + aligncheck 3, + deadcode 3, + Gosec 3, Revive, Semgrep 1, - Staticcheck3 + Staticcheck 3 - Trivy Trivy, scans
go.mod and go.sum (mod) @@ -212,7 +212,7 @@ The table below lists all languages that Codacy supports and the corresponding t Helm - - - Trivy 2 + Trivy 2 - - - @@ -222,13 +222,13 @@ The table below lists all languages that Codacy supports and the corresponding t Checkstyle, PMD, Semgrep 1, - SpotBugs3 + SpotBugs 3 - PMD, Trivy - PMD CPD - PMD + PMD 6 JavaScript @@ -239,7 +239,7 @@ The table below lists all languages that Codacy supports and the corresponding t Trivy Trivy, scans
package.json and package-lock.json (npm),
yarn.lock (Yarn) PMD CPD - ESLint + ESLint 6 JSON @@ -275,7 +275,7 @@ The table below lists all languages that Codacy supports and the corresponding t Checkov - Checkov, - Trivy 2 + Trivy 2 - - - @@ -300,7 +300,7 @@ The table below lists all languages that Codacy supports and the corresponding t Objective-C - Clang-Tidy3 + Clang-Tidy 3 - - - @@ -369,7 +369,7 @@ The table below lists all languages that Codacy supports and the corresponding t Radon - Ruby6 + Ruby 7 Brakeman, RuboCop, Semgrep 1 @@ -377,7 +377,7 @@ The table below lists all languages that Codacy supports and the corresponding t Trivy Trivy, scans
Gemfile.lock (Bundler) Flay - RuboCop + RuboCop 6 Rust @@ -402,7 +402,7 @@ The table below lists all languages that Codacy supports and the corresponding t Codacy Scalameta Pro, Scalastyle, Semgrep 1, - SpotBugs3 + SpotBugs 3 - - - @@ -437,7 +437,7 @@ The table below lists all languages that Codacy supports and the corresponding t - Trivy, scans
Package.resolved (SwiftPM) PMD CPD - SwiftLint7 + SwiftLint8 6 Terraform @@ -467,11 +467,11 @@ The table below lists all languages that Codacy supports and the corresponding t Trivy Trivy, scans
package.json and package-lock.json (npm),
yarn.lock (Yarn) jscpd - ESLint + ESLint 6 Unity - Unity Roslyn Analyzers3 + Unity Roslyn Analyzers 3 - - - 
@@ -540,8 +540,9 @@ The table below lists all languages that Codacy supports and the corresponding t 3: Supported as a [client-side tool](../repositories-configure/local-analysis/client-side-tools.md). 4: Currently, Cppcheck only supports [checking the MISRA guidelines for C](https://cppcheck.sourceforge.io/misra.php). 5: Currently, Codacy only supports including the packages [lints](https://pub.dev/packages/lints) and [flutter_lints](https://pub.dev/packages/flutter_lints) on dartanalyzer configuration files. -6: Currently, Codacy doesn't support any static code analysis tool for [Ruby 3.1](https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/). -7: Supports [reporting warnings or errors](https://realm.github.io/SwiftLint/cyclomatic_complexity.html) on functions above specific complexity thresholds. Enable the rule **Cyclomatic Complexity** on the [Code patterns page](../repositories-configure/configuring-code-patterns.md), or use a [configuration file](https://realm.github.io/SwiftLint/index.html#configuration) to customize the thresholds. +6: Doesn't calculate [the number of methods and the complexity per method](../repositories/files.md#file-details) for each file. +7: Currently, Codacy doesn't support any static code analysis tool for [Ruby 3.1](https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/). +8: Supports [reporting warnings or errors](https://realm.github.io/SwiftLint/cyclomatic_complexity.html) on functions above specific complexity thresholds. Enable the rule **Cyclomatic Complexity** on the [Code patterns page](../repositories-configure/configuring-code-patterns.md), or use a [configuration file](https://realm.github.io/SwiftLint/index.html#configuration) to customize the thresholds. 🔧: Supports [suggesting fixes](../repositories-configure/integrations/github-integration.md#suggest-fixes) for identified issues. ## Docker images of supported tools 
diff --git a/docs/getting-started/which-permissions-does-codacy-need-from-my-account.md b/docs/getting-started/which-permissions-does-codacy-need-from-my-account.md index 8e28209bef..8b7f487fe2 100644 --- a/docs/getting-started/which-permissions-does-codacy-need-from-my-account.md +++ b/docs/getting-started/which-permissions-does-codacy-need-from-my-account.md @@ -63,15 +63,15 @@ If you log in with GitHub, Codacy requires the following [app permissions](https Read & Write Codacy sets the status of commits according to the result of code analysis. - - Administration - Read & Write - Codacy creates an SSH key on the repository to allow cloning and integrating with your repository. - Contents Read-Only - Codacy accesses repository contents to provide faster code coverage analysis and as part of an initiative to use GitHub App tokens instead of SSH keys when cloning repositories for code quality analysis. + Codacy retrieves repository contents to get installation access tokens when integrating with your repositories and clone them, and for code coverage analysis.
Codacy requests this permission since September 2023. Make sure an organization owner approves Codacy GitHub App updated permissions on your GitHub organization. + + + Administration + Read & Write + This permission will soon be removed and is currently used as a fallback mechanism when the Contents permission isn't available. In this case, Codacy creates an SSH key on the repository to allow cloning and integrating with your repository.
To ensure Codacy keeps working correctly, make sure an organization owner approves Codacy GitHub App updated permissions on your GitHub organization. Organization permissions: 
@@ -206,8 +206,16 @@ If you need to use an integration that you have previously revoked, log in again ## Why does Codacy ask for permission to create SSH keys? +!!! note + **GitHub only:** Codacy will soon start using [installation access tokens](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app#about-installation-access-tokens) instead of SSH keys to integrate with your GitHub repositories and clone them. SSH keys are currently used as a fallback mechanism when the [Contents permission](#github-cloud) isn't available. + + To ensure Codacy keeps working correctly, make sure an organization owner [approves Codacy GitHub App updated permissions](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps) on your GitHub organization. + When you add a private repository to Codacy, Codacy uses the integration with your Git provider to create a new SSH key on the repository. Codacy then uses that SSH key every time it needs to clone the repository. -**Codacy only adds read-only SSH keys** and can't access any of your existing SSH keys. You have full control over which organizations and repositories Codacy is authorized to access, and you can also [revoke the keys created by Codacy at any time](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys). Codacy doesn't change the contents or member privileges of any repository you authorize it to analyze. +**Codacy only adds read-only SSH keys** and can't access any of your existing SSH keys. You have full control over which organizations and repositories Codacy is authorized to access. Codacy doesn't change the contents or member privileges of any repository you authorize it to analyze. 
We understand the desire for security and privacy and find that the SSH protocol is preferable to HTTPS as it separates Codacy's access rights from the one of the users. + +!!! tip + You can revoke the keys created by Codacy at any time. See [GitHub](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-deploy-keys), [GitLab](https://docs.gitlab.com/ee/user/project/deploy_keys/), or [Bitbucket](https://support.atlassian.com/bitbucket-cloud/docs/configure-repository-settings/) documentation for further details. diff --git a/docs/repositories-configure/images/repository-remove.png b/docs/repositories-configure/images/repository-remove.png index c1a1131815..c937776cd8 100644 Binary files a/docs/repositories-configure/images/repository-remove.png and b/docs/repositories-configure/images/repository-remove.png differ diff --git a/docs/repositories-configure/removing-your-repository.md b/docs/repositories-configure/removing-your-repository.md index a1fe5d4f88..2ed2bee771 100644 --- a/docs/repositories-configure/removing-your-repository.md +++ b/docs/repositories-configure/removing-your-repository.md @@ -16,4 +16,7 @@ To delete your repository from Codacy: ![Removing your repository](images/repository-remove.png) !!! note - For added security, after you remove the repository from Codacy you can delete the webhooks and SSH keys related to this Codacy repository from your Git provider to prevent their reuse. + For added security, after you remove the repository from Codacy you can delete from your Git provider the resources related to this Codacy repository to prevent their reuse: + + - Webhooks + - SSH keys diff --git a/docs/repositories-configure/using-submodules.md b/docs/repositories-configure/using-submodules.md index 487df92b12..e24212b7c3 100644 --- a/docs/repositories-configure/using-submodules.md +++ b/docs/repositories-configure/using-submodules.md 
@@ -4,35 +4,54 @@ By default, Codacy does normal Git clones that **don't include submodules** to ensure that we only clone necessary repositories. If your organization needs to use submodules, you can request Codacy to enable this feature for you. +!!! important + **GitHub only:** + + - To clone repositories, the Codacy GitHub App [requires the Contents permission](../getting-started/which-permissions-does-codacy-need-from-my-account.md#github-cloud). Make sure an organization owner [approves Codacy GitHub App updated permissions](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps) on your GitHub organization. + - Your repository and the repositories that you add as submodules must belong to the same GitHub organization. + ## Prerequisites for using submodules 1. Contact us at asking to enable submodules on Codacy. 1. **If you're using Codacy Self-hosted**, [update your license](../chart/maintenance/license.md). -1. If your submodules are: - - **Public repositories**, make sure that your Git URL uses the HTTPS protocol. - - **Private repositories**, make sure that your Git URL uses the SSH protocol. +1. Make sure that your **Git URL** uses the correct protocol: + - **GitHub:** HTTPS protocol + - **GitLab and Bitbucket:** + - HTTPS protocol, if your submodules are **public repositories** + - SSH protocol, if your submodules are **private repositories** ## Enabling submodules on a repository When using submodules, you must do the following for all your existing and new repositories: -1. Open the repository **Settings**, tab **General**. In the **Danger zone** area, you have the **SSH Key** generated by Codacy to access your repository. Take note of this key. +1. **GitLab and Bitbucket only:** [Update the public SSH key](#update-key) that Codacy uses to access your repository. - Codacy generates this repository key when you add a repository to Codacy and uses it to clone that repository. 
When you're using submodules, Codacy needs to clone additional repositories it may not have access to. To overcome this, Codacy must use an SSH key of your user account to have access to the same repositories as your user. +1. If you're using submodules to share an analysis tool configuration file across your repositories, check if your tool recursively searches the subdirectories of your repositories for configuration files. -1. For GitHub and Bitbucket, remove this Codacy key from the repository settings on your Git provider. + If your tool doesn't detect the configuration files in the submodule directories, you must include a configuration file directly in the root of your repositories referencing the configuration files in the submodule directories. -1. Add a new SSH key to your git provider account by clicking the link **Add new user key** or the button **Generate New User Key**, depending on your Git provider. +## Updating the public SSH key to access the repository {: id="update-key"} - For GitHub and Bitbucket, this takes you to the Git provider page where you can manage your user account SSH keys. For GitLab, Codacy removes the existing repository key and creates the new SSH key on your user account automatically. +!!! info "This section applies only to GitLab and Bitbucket" - ![Generate new user key](images/using-submodules-generate-new-user-key.png) +On GitLab and Bitbucket organizations, Codacy generates a repository key when you add a repository to Codacy and uses it to clone that repository. When you're using submodules, Codacy needs to clone additional repositories it may not have access to. To overcome this, Codacy must use an SSH key of your user account to have access to the same repositories as your user. -1. If you're using submodules to share an analysis tool configuration file across your repositories, check if your tool recursively searches the subdirectories of your repositories for configuration files. 
+To update your GitLab or Bitbucket public SSH key that Codacy uses to access your repository, do the following: - If your tool doesn't detect the configuration files in the submodule directories, you must include a configuration file directly in the root of your repositories referencing the configuration files in the submodule directories. +1. Open the repository **Settings**, tab **General**. In the **Danger zone** area, you have the **SSH Key** generated by Codacy to access your repository. + +1. Depending on your Git provider, do the following to update the key: + + - For GitLab, click the button **Generate New User Key**. Codacy removes the existing repository key and creates the new SSH key on your user account automatically. + + - For Bitbucket: + 1. Remove the existing Codacy key from the repository settings on your Git provider. + 1. Click the link **Add new user key**. This takes you to the Git provider page where you can manage your user account SSH keys. + 1. Add a new SSH key to your Git provider account. + + ![Generate new user key](images/using-submodules-generate-new-user-key.png) ## Automating user keys for new repositories @@ -47,7 +66,5 @@ You can set Codacy to automatically add the new SSH key to your Git provider acc ## See also -- [Managing deploy keys in GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys) -- [Add an SSH key to your GitHub account](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent) - [Configure repository settings in Bitbucket](https://support.atlassian.com/bitbucket-cloud/docs/configure-repository-settings/) - [Add an SSH key to your Bitbucket account](https://support.atlassian.com/bitbucket-cloud/docs/configure-ssh-and-two-step-verification/)
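Review bot: In `.github/workflows/scheduled.yml`, the bumped step still references the third-party action by a mutable tag (`uses: lycheeverse/lychee-action@v1.9.0`). A tag can be repointed after this review, so pin the action to the full commit SHA of the release and keep the version in a trailing comment. The scheduled job then runs exactly the code that was reviewed.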
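Review bot: In `docs/getting-started/supported-languages-and-tools.md`, the added line `SwiftLint8 6` in hunk `@@ -437,7 +437,7 @@` keeps the footnote marker glued to the tool name, while every other line in this file's hunks separates them (`Clang-Tidy 3`, `SpotBugs 3`, `Ruby 7`). Change it to `SwiftLint 8 6`, or whatever separator the table uses between two markers, so that the renumbered footnotes 8 and 6 are not read as one reference.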
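Review bot: In `docs/getting-started/which-permissions-does-codacy-need-from-my-account.md`, hunk `@@ -63,15 +63,15 @@`, the Administration row keeps Read & Write but only says the permission "will soon be removed". An organization owner reviewing the grant cannot tell when the broader permission stops being used. State the condition that ends the fallback, as far as the text allows (it says the fallback applies "when the Contents permission isn't available"), or link to where the removal will be announced. In the Contents row, "to get installation access tokens when integrating with your repositories and clone them" is hard to parse, and "Codacy requests this permission since September 2023" should read "has requested".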
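Review bot: In the same permissions file, hunk `@@ -206,8 +206,16 @@`, the unchanged paragraph "We understand the desire for security and privacy and find that the SSH protocol is preferable to HTTPS ..." now sits under a new note saying Codacy will use installation access tokens for GitHub and treats SSH keys as a fallback. Read together, the two statements contradict each other. Scope the SSH rationale to GitLab and Bitbucket, or reword it so it does not argue against the mechanism the note introduces. The section heading "Why does Codacy ask for permission to create SSH keys?" needs the same scoping for GitHub readers.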
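Review bot: In `docs/repositories-configure/using-submodules.md`, hunk `@@ -4,35 +4,54 @@`, the new section "Updating the public SSH key to access the repository" tells GitLab and Bitbucket users to replace the repository key with a key on their user account "to have access to the same repositories as your user". It does not say how much broader that access is than the repository key it replaces. The permissions page in this patch states "Codacy only adds read-only SSH keys"; say here whether that still holds for user keys. Consider recommending a dedicated account whose access is limited to the repository and its submodules.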
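Review bot: In `docs/repositories-configure/using-submodules.md`, hunk `@@ -47,7 +66,5 @@`, removing the two GitHub links leaves a "See also" list with only Bitbucket entries, although the page's key-update procedure now applies to "GitLab and Bitbucket". Add the GitLab counterpart. The permissions page in this patch already links `https://docs.gitlab.com/ee/user/project/deploy_keys/`, which could be reused here.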