Code detection in Codeup scans your repositories for issues using a layered system of rules, strategies, and quality gates.
Concepts
Detection rule: The fundamental unit of detection. Each rule targets a specific issue pattern — for example, exposed credentials or insecure plaintext passwords.
Detection rule package: A collection of detection rules grouped by detection type or engine — for example, a sensitive information detection package.
Detection strategy: A group of rule packages combined with their runtime parameter configurations. A single strategy can be applied to multiple repositories. When applied to a repository, the strategy is instantiated as a detection task.
Detection task: A running instance of a detection strategy on a specific repository. A task can run multiple times on a branch, and each run produces a separate report.
Quality gate: A pass/fail checkpoint. If the number of detected issues exceeds the configured threshold, the quality gate fails. Quality gates are commonly used in merge request checks to control whether code can advance to the next stage.
Severity levels of rules
Each detection rule carries one of three severity levels. Use the levels to prioritize which issues to address first.
|
Severity |
What it means |
Recommended action |
|
Critical |
Violations can cause serious consequences. |
Fix immediately. |
|
Warning |
Non-compliance risks system stability and efficiency. |
Fix before merging. |
|
Suggestion |
Rules that improve individual coding habits and team collaboration. |
Address when time allows. |