Merge branch 'master' into DOCS-708-add-org-configuration

Author: nicklem

docs/assets/includes/paid.md

@@ -9,3 +9,7 @@
 <!--paid-feature-start-->
 !!! info "This is a [paid feature](https://www.codacy.com/pricing)"
 <!--paid-feature-end-->
+
+<!--paid-feature-business-start-->
+!!! info "This feature is [only available on Business plan](https://www.codacy.com/pricing)"
+<!--paid-feature-business-end-->

docs/faq/general/does-codacy-keep-audit-logs.md

@@ -0,0 +1,5 @@
+# Does Codacy keep audit logs for my organization?
+
+On [Business plan](https://www.codacy.com/pricing), Codacy logs significant organization events that can be retrieved for audit reporting.
+
+See [Audit logs for organizations](../../organizations/audit-logs-for-organizations.md) for the complete list of events that Codacy logs, and how to obtain audit log data.

docs/getting-started/supported-languages-and-tools.md

@@ -156,7 +156,7 @@ The table below lists all languages that Codacy supports and the corresponding t
       <td><a href="https://github.com/dart-lang/sdk/tree/main/pkg/analyzer_cli">dartanalyzer</a> <a href="#dart-limitations"><sup>5</sup></a></td>
       <td>-</td>
       <td><a href="https://trivy.dev">Trivy</a></td>
-      <td>-</td>
+      <td><a href="https://trivy.dev">Trivy</a>, scans <br><code>pubspec.lock</code></td>
       <td><a href="https://github.com/kucherenko/jscpd">jscpd</a></td>
       <td>-</td>
     </tr>
@@ -202,7 +202,7 @@ The table below lists all languages that Codacy supports and the corresponding t
       <td><a href="https://semgrep.dev/">Semgrep</a> <a href="#suggest-fixes">🔧</a></td>
       <td><a href="https://semgrep.dev/">Semgrep</a>,
           <a href="https://trivy.dev">Trivy</a></td>
-      <td>-</td>
+      <td><a href="https://trivy.dev">Trivy</a>, scans <br><code>go.mod</code></td>
       <td><a href="https://pmd.github.io/pmd/pmd_userdocs_cpd.html">PMD CPD</a></td>
       <td><a href="https://github.com/fzipp/gocyclo">Gocyclo</a></td>
     </tr>
@@ -277,7 +277,7 @@ The table below lists all languages that Codacy supports and the corresponding t
           <a href="https://semgrep.dev/">Semgrep</a> <a href="#semgrep"><sup>1</sup></a></td>
       <td>-</td>
       <td><a href="https://semgrep.dev/">Semgrep</a></td>
-      <td>-</td>
+      <td><a href="https://trivy.dev">Trivy</a>, scans <br><code>pom.xml</code> and <code>gradle.lockfile</code></td>
       <td><a href="https://github.com/kucherenko/jscpd">jscpd</a></td>
       <td><a href="https://github.com/detekt/detekt">detekt</a></td>
     </tr>

docs/organizations/audit-logs-for-organizations.md

@@ -0,0 +1,70 @@
+---
+description: List of events that Codacy can log for an organization.
+---
+
+# Audit logs for organizations
+
+{%
+    include-markdown "../assets/includes/paid.md"
+    start="<!--paid-feature-business-start-->"
+    end="<!--paid-feature-business-end-->"
+%}
+
+Codacy logs important events in your organization, reflecting when your team members execute specific operations. This enables the generation of comprehensive reports to assist you with the audit process. For example, you can track who added a repository to Codacy, or changed the settings of a coding standard.
+
+[Organization admins and organization managers](./roles-and-permissions-for-organizations.md) can obtain the audit log data of the organization events using the Codacy API endpoint [listAuditLogsForOrganization](https://api.codacy.com/api/api-docs#listauditlogsfororganization).
+
+The retention period of audit logs for organization events is one year.
+
+## Audit log events
+
+Each audit log tracks when a Codacy user executed a specific operation in your organization using the Codacy app or the [Codacy API](https://api.codacy.com/api/api-docs#codacy-api). Each operation is identified by an **action**. For the detailed content of each audit log, see the [Codacy API reference](https://api.codacy.com/api/api-docs#listauditlogsfororganization).
+
+The sections below list the events that Codacy logs for your organization at user, organization, and repository levels.
+
+### User
+
+|Event|Description|Action|
+|-----|-----------|------|
+|Log in|User logged in to Codacy|`user.login`|
+|Create [account API token](../codacy-api/api-tokens.md#account-api-tokens)|New account API token created|`user.tokens.create`|
+|Read account API token|List of account API tokens retrieved|`user.tokens.read`|
+|Delete account API token|Account API token deleted|`user.tokens.delete`|
+
+### Organization
+
+|Event|Description|Action|
+|-----|-----------|------|
+|[Add organization](./what-are-organizations.md#adding-an-organization)|Organization added to Codacy|`organizations.create`|
+|[Add people](./managing-people.md#adding-people) to organization|New people added to the organization|`organizations.people.create`|
+|[Join organization](./managing-people.md#joining)|User joined the organization|`organizations.join`|
+|Update [repository management permissions](./roles-and-permissions-for-organizations.md#change-analysis-configuration)|Repository management permissions updated|`organizations.analysisconfigurationminimumpermission.update`|
+|Assign [organization manager role](./roles-and-permissions-for-organizations.md#managing-the-organization-manager-role)|Organization manager role assigned to a team member|`organizations.security.managers.create`|
+|Revoke organization manager role|Organization manager role revoked from a team member|`organizations.security.managers.delete`|
+|Update [default Git provider configuration](./integrations/default-git-provider-integration-settings.md)|Default Git provider configuration for the organization updated|`organizations.integrations.providersettings.update`|
+|Apply default Git provider configuration to all repositories|Default Git provider configuration applied to all repositories of the organization|`organizations.integrations.providersettings.apply`|
+|Create new organization hook|New organization webhook created|`organizations.settings.hooks.create`|
+|Create new [gate policy](./using-gate-policies.md)|New gate policy created|`organizations.gatepolicies.create`|
+|Update gate policy|Quality gate definition updated|`organizations.gatepolicies.update`|
+|Apply gate policy to repositories|Gate policy applied to a list of repositories|`organizations.gatepolicies.repositories.apply`|
+|Make gate policy default|Gate policy was made the default for the organization|`organizations.gatepolicies.setdefault`|
+|Make Codacy gate policy default|Built-in Codacy gate policy was made the default for the organization|`organizations.gatepolicies.setcodacydefault`|
+|Delete gate policy|Gate policy deleted|`organizations.gatepolicies.delete`|
+|Create new [coding standard](./using-coding-standards.md) using preset sensitivity levels|New coding standard created|`organizations.presetsstandards.create`|
+|Create new coding standard draft using individual language and code pattern settings|New coding standard draft created|`organizations.codingstandards.create`|
+|Create new coding standard from draft|New coding standard created|`organizations.codingstandards.promote`|
+|Update coding standard from draft|Coding standard updated|`organizations.codingstandards.promote`|
+|Apply coding standard to repositories|Coding standard applied to a list of repositories|`organizations.codingstandards.repositories.apply`|
+|Make coding standard default|Coding standard was made the default|`organizations.codingstandards.setdefault`|
+|Delete coding standard|Coding standard deleted|`organizations.codingstandards.delete`|
+
+### Repository
+
+|Event|Description|Action|
+|-----|-----------|------|
+|Create new [post-commit hook](../repositories-configure/integrations/post-commit-hooks.md)|New repository hook created|`repositories.integrations.postcommithook`|
+|Create [repository API token](../codacy-api/api-tokens.md#repository-api-tokens)|New repository API token created|`repositories.tokens.create`|
+|Read repository API token|List of repository API tokens retrieved|`repositories.tokens.read`|
+|Delete repository API token|Repository API token deleted|`repositories.tokens.delete`|
+|Update Git provider integration settings<br>([GitHub](../repositories-configure/integrations/github-integration.md#configuring), [Bitbucket](../repositories-configure/integrations/bitbucket-integration.md#configuring), or [GitLab](../repositories-configure/integrations/gitlab-integration.md#configuring))|Git provider integration settings for the repository updated|`repositories.integrations.providersettings.update`|
+|Refresh Git provider integration<br>(applies only to [Bitbucket](../repositories-configure/integrations/bitbucket-integration.md#refreshing) and [GitLab](../repositories-configure/integrations/gitlab-integration.md#refreshing))|Git provider integration for the repository refreshed|`repositories.integrations.refreshprovider`|

docs/organizations/roles-and-permissions-for-organizations.md

@@ -199,6 +199,15 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
       <td class="yes">Yes</td>
       <td class="yes">Yes</td>
     </tr>
+    <tr>
+      <td>Obtain audit logs for organization events<sup>5</sup></td>
+      <td class="no">No</td>
+      <td colspan="2" class="no">No</td>
+      <td colspan="2" class="no">No</td>
+      <td class="no">No</td>
+      <td class="yes">Yes</td>
+      <td class="yes">Yes</td>
+    </tr>
     <tr>
       <td>Invite and accept members,<br/>modify billing</td>
       <td class="no">No</td>
@@ -223,7 +232,8 @@ The table below maps the GitHub Cloud and GitHub Enterprise roles to the corresp
 <sup>1</sup>: Outside collaborators aren't supported as members of organizations on Codacy. You can still [add outside collaborators to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.  
 <sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).  
 <sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.  
-<sup>4</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.
+<sup>4</sup>: Requires that an organization owner has given the Codacy GitHub App access to the repositories to add or remove.  
+<sup>5</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).
 
 ## Permissions for GitLab
 
@@ -353,6 +363,15 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
       <td class="yes">Yes</td>
       <td colspan="2" class="yes">Yes</td>
     </tr>
+    <tr>
+      <td>Obtain audit logs for organization events<sup>4</sup></td>
+      <td class="no">No</td>
+      <td colspan="2" class="no">No</td>
+      <td class="no">No</td>
+      <td colspan="2" class="no">No</td>
+      <td class="yes">Yes</td>
+      <td colspan="2" class="yes">Yes</td>
+    </tr>
     <tr>
       <td>Invite and accept members,<br/>modify billing</td>
       <td class="no">No</td>
@@ -377,6 +396,7 @@ The table below maps the GitLab Cloud and GitLab Enterprise roles to the corresp
 <sup>1</sup>: External users aren't supported as members of organizations on Codacy. You can still [add external users to Codacy](managing-people.md#adding-people) so that Codacy analyzes their commits to private repositories, but they won't be able to join your Codacy organization.  
 <sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).  
 <sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.  
+<sup>4</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).
 
 ## Permissions for Bitbucket
 
@@ -465,6 +485,12 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
       <td class="yes">Yes</td>
       <td class="yes">Yes</td>
     </tr>
+    <tr>
+      <td>Obtain audit logs for organization events<sup>4</sup></td>
+      <td colspan="2" class="no">No</td>
+      <td class="yes">Yes</td>
+      <td class="yes">Yes</td>
+    </tr>
     <tr>
       <td>Invite and accept members,<br/>modify billing</td>
       <td colspan="2" class="no">No</td>
@@ -482,7 +508,8 @@ The table below maps the Bitbucket Cloud and Bitbucket Server roles to the corre
 
 <sup>1</sup>: Codacy can't distinguish the Bitbucket roles Read and Write because of a limitation on the Bitbucket API.  
 <sup>2</sup>: Joining an organization may need an approval depending on your setting for [accepting new people](changing-your-plan-and-billing.md#allowing-new-people-to-join-your-organization).  
-<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.
+<sup>3</sup>: These users can only see security items originating from Codacy repositories that they follow.  
+<sup>4</sup>: [Audit logs](./audit-logs-for-organizations.md) are available only on [Business plan](https://www.codacy.com/pricing).
 
 ## See also
 

docs/release-notes/cloud/cloud-2024-06.md

@@ -0,0 +1,85 @@
+---
+rss_title: Codacy release notes RSS feed
+rss_href: /feed_rss_created.xml
+description: Release notes for Codacy Cloud June 2024.
+included_jira_versions: ['2024.06']
+codacy_tools_version_old: https://github.com/codacy/codacy-tools/releases/tag/7.14.11
+codacy_tools_version_new: https://github.com/codacy/codacy-tools/releases/tag/7.16.17
+---
+
+# Cloud June 2024
+
+These release notes are for the Codacy Cloud updates during June 2024.
+
+📢 [Visit the Codacy roadmap](https://roadmap.codacy.com) and <span class="skip-vale">let us know</span> your feedback on both new and planned product updates!
+
+## Product enhancements
+
+-   You can now [filter Security and Risk Management findings by scan type](../../organizations/managing-security-and-risk.md#scan-types) to see results based on the detection method, including Code Scanning, Software Composition Analysis, Exposed Secrets, Infrastructure as Code, and Penetration Testing. (TCE-1028)
+-   For increased security, Codacy now sets [automatic expiration timeouts](../../account/user-session-management.md) for every session. (PLUTO-879)
+-   The Codacy configuration file now supports a [new field `include_paths`](../../repositories-configure/codacy-configuration-file.md#include-files) that lets you explicitly specify files or directories to include in the analysis. This is particularly useful for bypassing files or directories that are ignored by default or specified in `exclude_paths`. (TCE-977)
+-   Codacy can now detect duplicated code in the following languages: CoffeeScript, Elixir, Groovy, Objective C, Rust, Visual Basic (TCE-1021)
+
+## Bug fixes
+
+-   Fixed an issue that caused missing data in the user interface when navigating the Gate policies settings in the Codacy app. (PLUTO-918)
+-   Fixed an issue that caused discrepancies in reported coverage variation values. (TCE-948)
+-   Fixed a case-sensitivity issue when analyzing file paths in coverage reports. (TCE-982)
+
+## Deprecations
+
+-   On June 5th, Codacy [stopped sending status checks from the old Coverage engine](./cloud-2023-11-23-new-coverage-engine-status-checks.md#deprecation-and-removal-calendar-for-the-old-coverage-engine-status-checks). (ALA-767)
+
+## Tool versions
+
+Codacy Cloud now includes the tool versions below. The tools that were recently updated are highlighted in bold:
+
+-   Ameba 1.5.0
+-   Bandit 1.7.5
+-   Brakeman 4.3.1
+-   bundler-audit (deprecated) 0.9.1
+-   Checkov 3.2.79
+-   Checkstyle 10.13.0
+-   Clang-Tidy 10.0.1
+-   CodeNarc 3.3.0
+-   CoffeeLint 5.2.11
+-   Cppcheck 2.13.0
+-   Credo 1.7.2
+-   CSSLint (deprecated) 1.0.5
+-   **[dartanalyzer 3.4.2](https://github.com/dart-lang/sdk/blob/main/CHANGELOG.md) (updated from 3.3.4)**
+-   detekt 1.23.5
+-   ESLint 8.57.0
+-   ESLint (deprecated) 7.32.0
+-   Faux-Pas 1.7.2
+-   Flawfinder 2.0.19
+-   Gosec 2.15.0
+-   **[Hadolint 2.12.0](https://github.com/hadolint/hadolint/releases/tag/v2.12.0) (updated from 1.18.2)**
+-   Jackson Linter 2.15.2
+-   JSHint (deprecated) 2.13.6
+-   markdownlint 0.33.0
+-   PHP Mess Detector 2.14.1
+-   PHP_CodeSniffer 3.9.2
+-   PMD 6.55.0
+-   Prospector 1.10.3
+-   PSScriptAnalyzer 1.21.0
+-   Pylint 3.1.0
+-   Pylint (deprecated) 1.9.5
+-   remark-lint 9.1.2
+-   Revive 1.3.7
+-   **[RuboCop 1.64.1](https://github.com/rubocop/rubocop/releases/tag/v1.64.1) (updated from 1.63.1)**
+-   Scalastyle 1.5.1
+-   **[Semgrep 1.77.0](https://github.com/semgrep/semgrep/releases/tag/v1.77.0) (updated from 1.68.0)**
+-   ShellCheck v0.9.0
+-   SonarC# 9.23
+-   SonarVB 8.15
+-   Spectral 1.18.1
+-   SpotBugs 4.8.3
+-   SQLint 0.2.1
+-   Staticcheck 2023.1.6
+-   **[Stylelint 16.6.1](https://github.com/stylelint/stylelint/releases/tag/16.6.1) (updated from 15.10.3)**
+-   SwiftLint 0.54.0
+-   Tailor 0.12.0
+-   **[Trivy 0.52.2](https://github.com/aquasecurity/trivy/releases/tag/v0.52.2) (updated from 0.49.1)**
+-   TSLint (deprecated) 6.1.3
+-   TSQLLint 1.11.1
+-   Unity Roslyn Analyzers 1.19.0

docs/release-notes/index.md

@@ -18,6 +18,7 @@ For product updates that are in progress or planned [visit the Codacy public roa
 
 2024
 
+-   [Cloud June 2024](cloud/cloud-2024-06.md)
 -   [Cloud May 2024](cloud/cloud-2024-05.md)
 -   [Cloud April 2024](cloud/cloud-2024-04.md)
 -   [Cloud March 2024](cloud/cloud-2024-03.md)

docs/repositories-configure/configuring-code-patterns.md

@@ -23,7 +23,7 @@ To configure the tools and code patterns for a repository using the Codacy UI:
 
     ![Toggling tools](images/code-patterns-toggle-tools.png)
 
-1.  Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by [issue category](../faq/code-analysis/which-metrics-does-codacy-calculate.md#issues), status, or severity level.
+1.  Select a tool to enable or disable its code patterns. To make it easier to find relevant patterns, use the filters above the pattern list. You can filter by [issue category](../faq/code-analysis/which-metrics-does-codacy-calculate.md#issues), status, severity level, or display only recommended code patterns.
 
     To see an explanation of the issues that a pattern detects and how to fix them, click the respective dropdown arrow.
 
@@ -97,7 +97,7 @@ The table below lists the configuration file names that Codacy detects and suppo
   <tr>
     <td><a href="https://docs.openstack.org/bandit/latest/config.html">Bandit</a></td>
     <td>Python</td>
-    <td><code>bandit.yml</code>, <code>.bandit</code></td>
+    <td><code>bandit.yml</code>, <code>bandit.yaml</code>, <code>.bandit</code>, <code>bandit.toml</code>, <code>bandit.ini</code></td>
     <td>To solve flagged valid Python "assert" statements, create a <code>bandit.yml</code> on the root of the repository containing: <code>skips: \['B101'\]</code></td>
   </tr>
   <tr>