How are you using Codacy?

“When we code, we set high standards and care about the quality of the code we produce. Code reviews are a crucial step of our development process.” :muscle:

Following the category description, we wanted to understand how you’re using Codacy, and some of the best practices you’ve implemented, depending on the languages you use, so that everyone can get insights on how to better configure Codacy according to their needs. Looking forward to learning more:

  • Which tools do you normally use and which ones do you disable?
  • What issue categories are you most interested in? Code style, security, error prone, performance, compatibility, unused code?
  • Do you prefer to block the merge of pull requests when Codacy finds issues or not?
1 Like
  • Which tools do you normally use and which ones do you disable?

    • Normally we turn off checks around Markdown and the Hadolint since some of the projects we use doesn’t use Docker and etc, so it makes sense to reduce the number of checks.
  • What issue categories are you most interested in? Code style, security, error prone, performance, compatibility, unused code?

    • These days I’m being focusing more find duplicated code, since it’s a very old code base we have and the team kept changing over the months, so finding duplicated code and unused code is defo a thing for us
  • Do you prefer to block the merge of pull requests when Codacy finds issues or not?

    • Definitely! Codacy is mandatory here and when people come around asking us if we can “skip” Codacy, we tend to make the correct questions about: “why skipping” and if we should raise a technical debt ticket for later - normally it’s a big no to skip, but some devs struggle with the legacy code and we find easier just to raise a technical debt and refactor later.

One thing I really miss is actually being able to add github-bots as a user we can ignore in the checks. :feelsbad:


I don’t disable tools; I didn’t take time to look at all of them and check if they are really necessary for my projects.

First, I look at code style because I don’t like when my linter is blinking when I do a code review. Then security, and then the other is any.

Yes, Codacy check is mandatory for merge and for me to do the code review. No :white_check_mark: on Codacy and test suite => no code review.


Hey @lapa182, can you elaborate on this? I’m very curious!

1 Like

Sure thing! We have a Github action that automatically deploys our npm package and create a PR to bump our package.json, but because there’s a Codacy check around code quality it blocks the PR from being merged by the team until the check is successful.

Because the bot it’s not a “Codacy user” it doesn’t run the check, so it’s “blocked” until an admin forces merge.

1 Like

We mostly use pylint (python3) but we don’t usually disable much. We have disabled pylint for python2 but if the tools aren’t triggered then I don’t think they do much harm.

It’s usually a pain when we add a markdown file, but this is because none of our developers are aware of the best practices so we rely on Codacy to tell us about them

Our code is not really a security risk, so these are often the issues that interest us the least. It can be irritating to be told that your random call isn’t sufficiently random for security purposes when you just want to use it for generating values for testing. Although, not irritating enough for us to have turned off this warning.

The ones that really interest us are probably:

  1. error prone
  2. performance
  3. unused code
  4. code style

In that order

We are quite strict with our Codacy issues and block pull requests. Most of our developers are either very junior (interns) or scientists (maths/physics). This means they do not always write the cleanest code. Sometimes this is just due to a lack of knowledge about python shortcuts and Codacy suggests something better, often it’s just unused imports/variables that have been forgotten about. Codacy makes us keep our code clean :slight_smile:

Recently we’ve been really strict and increased the checks to include missing doc strings. So no documentation, no merge!


Hi @lapa182, have you considered adding the email address for the bot as an Author on Codacy?

This way, Codacy will analyze the commits and pull requests from this “user” :robot: and perhaps it will solve your issue.

(The way we add contributors to Codacy is going to change soon, by the way, and it will become simpler to do! :+1:)

1 Like

This is interesting. So, would you say that in a way, Codacy helps mentor these developers who aren’t so proficient in a programming language? :mortar_board:

Love this! :bookmark_tabs: :heart:

Hey @paulo.ribeiro, yeah we considered but getting charged for a github-bot is kind of awkward haha.

To a certain point yes. At least in python. I imagine it depends on the tools used.
A classic example for us is list comprehensions. They make a big difference to speed in python and new developers are not always aware of this so errors such as pylint’s:

map/filter on lambda could be replaced by comprehension

are useful to make them aware of this


So far my coding experiece with Codacy not that big but I already see it’s benefits.

Already see many options that will help me in future but at this moment it’s a great tool for several cases:

  1. Debugging - you can check your code every time you made some upgrade, it will find mistakes or pieces of code you should delete now or later (like console.log for example).
  2. Refactoring - already found several ways to refactor my own code lookin on issues from Codacy.
  3. Learning - assuming that Codacy already can provide you an option to check if your code meets general “best practices” you can always learning to make your code look much better.
  4. Mentoring - this option can be very helpful for new developers that can’t find a mentor for themselves. Codacy can check their code like a mentor, find mistakes, give advice.

I think this list is much bigger and I will do my best to update it when I will have even more experience using Codacy.