Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From codacy-skills
Interacts with Codacy Cloud via the CLI to query repositories, issues, security findings, pull requests, tools, and patterns, and trigger reanalysis.
How this skill is triggered — by the user, by Claude, or both
Slash command
/codacy-skills:codacy-cloud-cliThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
> **Glossary:** See [glossary.md](../../references/glossary.md) for shared definitions of Codacy concepts (issues, findings, severity, coverage, tools, patterns, etc.).
Glossary: See glossary.md for shared definitions of Codacy concepts (issues, findings, severity, coverage, tools, patterns, etc.).
The Codacy Cloud CLI (codacy) is the command-line interface for Codacy Cloud. Use it whenever the user wants to interact with remote Codacy data. This is a different tool from the Codacy Analysis CLI (codacy-analysis), which runs static analysis locally.
# Install
npm install -g @codacy/codacy-cloud-cli
# Authenticate — 3 options:
# 1. Set the `CODACY_API_TOKEN` environment variable
export CODACY_API_TOKEN=<token>
# 2. Use the `codacy login` command (interactive login)
codacy login
# 3. Use the `codacy login` command (with token input)
codacy login --token <token>
# Obtain tokens: Codacy > My Account > Access Management > Account API Tokens (https://app.codacy.com/account/access-management)
# Verify
codacy info
Shared session: The Cloud CLI and the Analysis CLI (codacy-analysis) share the same credentials at ~/.codacy/credentials. Logging in or out with either CLI applies to both — there is no need to authenticate separately.
The CLI is the authoritative source of truth. Always use --help to discover available commands, options, and current behavior:
codacy --help
codacy <command> --help
# e.g. codacy issues --help
Use --output json on any command for machine-readable output.
See the Provider section in the glossary for the full table of CLI values (gh, gl, bb).
The CLI auto-detects the provider, organization, and repository from the git remote origin URL when run inside a repository. This means most commands work without specifying these parameters explicitly:
# Auto-detected (run inside the repo)
codacy issues
codacy repository
codacy pull-request 42
# Equivalent explicit form
codacy issues gh my-org my-repo
codacy repository gh my-org my-repo
codacy pull-request gh my-org my-repo 42
Auto-detection supports GitHub, GitLab, and Bitbucket remote URLs. If the remote cannot be parsed (e.g., non-standard hosting), pass the parameters explicitly. All examples in this document use the explicit form for clarity, but the short form is preferred when running inside a repo.
--reanalyze or waiting for the next commit to be pushed.Use --reanalyze-and-wait (-w) on the repository or pull-request commands to trigger reanalysis and block until it completes. The CLI captures a baseline, triggers reanalysis, polls every 10 seconds (up to 20 minutes), and reports issue deltas by pattern, severity, and category with timing information. Supports --output json for machine-readable delta reports.
# Trigger reanalysis and wait for results (preferred)
codacy repository gh my-org my-repo --reanalyze-and-wait
codacy repository gh my-org my-repo -w -o json # JSON delta report
# Fire-and-forget reanalysis (no waiting)
codacy repository gh my-org my-repo --reanalyze
When using --reanalyze without --and-wait, check progress manually by re-running the command without --reanalyze:
"Reanalysis in progress..." means it is still running; "Finished X ago" means it is donestartedAnalysis and endedAnalysis timestamps — complete when startedAnalysis > trigger time AND endedAnalysis > startedAnalysis# Authenticated user and organizations
codacy info
# List repositories in an organization
codacy repositories <provider> <org>
codacy repositories gh my-org --search my-repo
# Repository dashboard (metrics, PRs, issues overview)
codacy repository gh my-org my-repo
codacy repository gh my-org my-repo --add # add to Codacy
codacy repository gh my-org my-repo --remove # remove from Codacy
codacy repository gh my-org my-repo --follow # follow repository
codacy repository gh my-org my-repo --unfollow # unfollow repository
codacy repository gh my-org my-repo --reanalyze # trigger reanalysis (fire-and-forget)
codacy repository gh my-org my-repo --reanalyze-and-wait # trigger and wait for completion with delta report
codacy repository gh my-org my-repo --link-standard <id> # link a coding standard
codacy repository gh my-org my-repo --unlink-standard <id> # unlink a coding standard
# List issues with optional filters
codacy issues gh my-org my-repo
codacy issues gh my-org my-repo --branch main --severities Critical,High
codacy issues gh my-org my-repo --categories Security
codacy issues gh my-org my-repo --tools eslint,semgrep # filter by detecting tool
codacy issues gh my-org my-repo --limit 500 # fetch up to N results (default 100, max 1000)
# Overview: totals grouped by category/severity/language
codacy issues gh my-org my-repo --overview # short flag: -O
codacy issues gh my-org my-repo -O -o json # JSON — includes per-pattern issue counts and false positive counts
The --overview output includes:
codacy pattern disable commands for each. If a pattern is enforced by a coding standard or uses a config file, the suggestion adapts accordingly (e.g., suggests editing the coding standard or the config file instead)# Full details for a single issue
codacy issue gh my-org my-repo <issueId>
# Ignore / unignore an issue
codacy issue gh my-org my-repo <issueId> --ignore
codacy issue gh my-org my-repo <issueId> --ignore --ignore-reason FalsePositive --ignore-comment "Not applicable here"
codacy issue gh my-org my-repo <issueId> --unignore
# Bulk-ignore all issues matching filters
codacy issues gh my-org my-repo --severities Minor --categories CodeStyle --ignore
Filters: --branch, --patterns, --severities (Critical,High,Medium,Minor), --categories, --languages, --tools, --tags, --authors
Ignore reasons: AcceptedUse (default) | FalsePositive | NotExploitable | TestCode | ExternalCode
# List findings
codacy findings gh my-org my-repo
codacy findings gh my-org # org-wide
codacy findings gh my-org my-repo --severities Critical,High
codacy findings gh my-org my-repo --statuses Overdue,DueSoon
codacy findings gh my-org my-repo --limit 500 # fetch up to N results (default 100, max 1000)
# Full details for a single finding (includes CVE data)
codacy finding gh my-org my-repo <findingId>
# Ignore / unignore a finding
codacy finding gh my-org my-repo <findingId> --ignore
codacy finding gh my-org my-repo <findingId> --ignore --ignore-reason FalsePositive --ignore-comment "Verified safe"
codacy finding gh my-org my-repo <findingId> --unignore
Filters: --search, --severities (Critical,High,Medium,Low), --statuses (Overdue,OnTrack,DueSoon,ClosedOnTime,ClosedLate,Ignored), --categories, --scan-types, --dast-targets
Ignore reasons: AcceptedUse (default) | FalsePositive | NotExploitable | TestCode | ExternalCode
# PR summary (status, issues, coverage, changed files)
codacy pull-request gh my-org my-repo <prNumber>
# Annotated git diff with coverage and inline issues
codacy pull-request gh my-org my-repo <prNumber> --diff
# Full details for a specific issue within the PR
codacy pull-request gh my-org my-repo <prNumber> --issue <issueId>
# Ignore a specific issue in the PR
codacy pull-request gh my-org my-repo <prNumber> --ignore-issue <issueId>
codacy pull-request gh my-org my-repo <prNumber> --ignore-issue <issueId> --ignore-reason FalsePositive
codacy pull-request gh my-org my-repo <prNumber> --unignore-issue <issueId>
# Ignore all potential false positive issues in the PR at once
codacy pull-request gh my-org my-repo <prNumber> --ignore-all-false-positives
# Trigger reanalysis of PR HEAD commit
codacy pull-request gh my-org my-repo <prNumber> --reanalyze
codacy pull-request gh my-org my-repo <prNumber> --reanalyze-and-wait # trigger and wait for completion
# List all tools (enabled/disabled)
codacy tools gh my-org my-repo
# Enable or disable a tool
codacy tool gh my-org my-repo eslint --enable
codacy tool gh my-org my-repo eslint --disable
codacy tool gh my-org my-repo eslint --configuration-file true
# List patterns for a tool
codacy patterns gh my-org my-repo eslint
codacy patterns gh my-org my-repo eslint --enabled --categories Security
codacy patterns gh my-org my-repo pylint --search W0123
# Full details for a specific pattern (description, parameters, severity, category)
codacy pattern gh my-org my-repo eslint no-unused-vars
# Enable, disable, or configure a pattern
codacy pattern gh my-org my-repo eslint no-unused-vars --enable
codacy pattern gh my-org my-repo eslint no-unused-vars --disable
codacy pattern gh my-org my-repo eslint max-len --parameter max=120
# Enable or disable all patterns matching specific filters
codacy patterns gh my-org my-repo eslint --categories Security --severities Critical,High --enable-all
codacy patterns gh my-org my-repo pylint --categories CodeStyle --severities Minor --disable-all
Configuration file and coding standard awareness:
--configuration-file true), codacy patterns skips fetching managed patterns (they don't apply)--enable/--disable will refuse the operation with a message indicating which standard enforces it. Update the coding standard at the organization level instead, or unlink the standard from the repository first (codacy repository ... --unlink-standard <id>)Pattern search tip: Codacy pattern IDs combine tool prefix and original ID. Use --search with the original ID to find them:
codacy patterns gh my-org my-repo semgrep --search HttpGetHTTPRequest
codacy patterns gh my-org my-repo pylint --search W0123
# Import tool and pattern configuration from a local config file
codacy tools gh my-org my-repo --import # imports from .codacy/codacy.config.json (default path)
codacy tools gh my-org my-repo --import ./custom-config.json # imports from a custom path
codacy tools gh my-org my-repo --import -y # skip confirmation prompt
codacy tools gh my-org my-repo --import --force -y # unlink coding standard first, then import
The --import flag reads a local .codacy/codacy.config.json (or a specified path) and applies the tool and pattern configuration to the Codacy Cloud repository. Use -y (--skip-approval) to skip the interactive confirmation. Use --force to unlink the repository from its Coding Standard before importing — this is required when org-level standards block pattern changes.
Import behavior:
Note: The .codacy/codacy.config.json file is for local analysis only. Committing it to the repository does NOT affect Codacy Cloud. The --import command is the only way to sync local config to Cloud.
Check critical security issues in a repo:
codacy findings gh my-org my-repo --severities Critical,High
Review what a PR introduced:
codacy pull-request gh my-org my-repo 42
codacy pull-request gh my-org my-repo 42 --diff
Understand a specific issue:
codacy issue gh my-org my-repo <issueId> # includes pattern docs and code context
Trigger reanalysis and wait for results:
codacy repository gh my-org my-repo --reanalyze-and-wait
codacy repository gh my-org my-repo -w -o json # JSON delta report with issue changes by pattern/severity/category
Identify and reduce noise:
codacy issues gh my-org my-repo --overview # see false positive counts and suggested actions to reduce noise
Blocks Edit/Write/Bash actions until Claude investigates importers, data schemas, and user instructions. Improves output quality by forcing concrete facts before edits.
npx claudepluginhub codacy/codacy-skills --plugin codacy-skills