Codacy is the easiest way for engineering teams to maintain a clean and secure codebase without any pipeline integrations, ready to go with a few clicks:

1. Log in with your GitHub, Bitbucket or GitLab account to add your organization or workspace (requires org admin permissions)
2. Add your repositories with the click of a button. Codacy scans the entire codebase for quality and security violations within minutes. Easily browse all findings, and tackle the most critical risks before they cause damage.
3. As the codebase evolves, every new Pull/Merge Request is scanned in real time, catching new quality and security violations before they get merged, built and released.

On top of code scanning, Codacy tracks test coverage results across files and Pull Requests, preventing untested critical code from being merged.

Codacy's code scanning as-a-service allows businesses to reduce hosting and maintaining complex, dynamic and costly pipeline integrations while ensuring full quality and security coverage across all projects and languages.

As a 100% cloud-based GitHub, Bitbucket and GitLab app, Codacy uses webhooks to keep track of all code changes in real time, and performs all scans on its own AWS infrastructure, while seamlessly updating the latest coding conventions and scan rules for you to keep up with industry trends and evolving programming languages.

For more details on how Codacy keeps your source code safe, see here.

Codacy scans source code in 49 languages across a range of common violations, including error prone code, performance problems, complex code, duplications and code style deviations. Learn more about issue categories here.

All Codacy subscriptions include responsive, high-quality technical support. Our team of experts is ready to assist you with any questions, from initial setup and onboarding to advanced configuration and troubleshooting.

We are committed to ensuring your team is successful with Codacy, providing the reliable assistance you need to keep your development workflow running smoothly.Codacy detects a wide range of security vulnerability types through a curated collection of analysis tools built into the Codacy platform:

• Static Application Security Testing (SAST)
• Hardcoded Secrets and Passwords
• Infrastructure-as-code (IaC scanning)
• Software Composition Analysis (SCA) / Dependency checks
• Dynamic Application Security Testing (DAST)
• Penetration Testing (manual testing via Bulletproof)
• License scanning (coming soon)

Learn more about security categories here.

No, Codacy currently does not support projects hosted on any on-premise Git deployments.

The supported Git providers are GitHub Cloud, Bitbucket Cloud, and GitLab Cloud.

Codacy currently does not support Azure Repos, but you can now join our waitlist to get notified once we do.

The supported Git providers are GitHub Cloud, Bitbucket Cloud, and GitLab Cloud.

Codacy supports 49 popular programming languages and frameworks across back-end, front-end, infrastructure-as-code, mobile code, and everything in between. See a full list of supported languages here.

Yes, Codacy provides plugins for Jetbrains IDEs and VSCode (requires GitHub, Bitbucket or GitLab integration on codacy.com)

The Codacy plugin shows all scan results and fix suggestions for every open Pull Request right inside the IDE for more seamless code reviews, faster remediation, and to help avoid context switching.

While real-time scanning within the IDE (outside the Pull Request flow) is not supported yet, make sure to stay tuned for a major update to our IDE plugin in 2025! 🤫

As we provide cloud solutions for leading enterprises around the world, keeping our customers' data protected at all times is the highest of all priorities. Codacy has implemented bulletproof cloud security measures in accordance with the latest industry standards, and certified by SOC2.

For details on Codacy's security measures, visit https://security.codacy.com.

Codacy is compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data.

For any further questions about personal data privacy, contact us at [email protected].

Open Source (free): For individuals and teams working exclusively on public projects.

Pro: For individuals and teams of up to 30 contributors working on up to 100 private projects.

Business: For engineering organizations with more than 30 contributors or more than 100 private projects, as well as teams with advanced security, reporting, and support requirements (see comparison table above)

Codacy requires a seat for every Git contributor who commits code changes to a private repo added to Codacy. Typically, the required number of seats reflects the total size of the development team.

Simply sign up with your Git provider (no credit card required), and enjoy full access to the Codacy platform for 14 days, free of charge.

After the trial period, you can upgrade to a paid plan to continue using Codacy with private repositories, or keep scanning your public repositories for free on the Open Source plan.

Codacy accepts credit cards by Visa, Mastercard, American Express, and Discover. Wire transfers and ACH are accepted only for annual Pro and Business plans.

If your preferred payment method is not supported, please contact us at [email protected].

Yes, you can change or cancel your plan at any time. If you choose to cancel your annual subscription before the conclusion of the 12 months, your account will continue to work for the remainder of the annual billing period.