|
| 1 | +--- |
| 2 | +description: Install and use the Codacy Cloud CLI to manage your repositories, issues, security findings, pull requests, and tool configurations directly from your terminal. |
| 3 | +--- |
| 4 | + |
| 5 | +# Codacy Cloud CLI |
| 6 | + |
| 7 | +The Codacy Cloud CLI gives you a fast terminal interface to your Codacy data. Add repositories, review issues, investigate security findings, inspect pull requests, and configure tools—all without opening a browser. |
| 8 | + |
| 9 | +Pair it with [Codacy Skills](#install-the-codacy-skills) to interact with your Codacy data in plain language directly from your AI assistant. |
| 10 | + |
| 11 | +<div style="position: relative; padding-bottom: 61.224489795918366%; height: 0;"><iframe src="https://www.loom.com/embed/1960b3f07f2c419682a1e22e2b2928d1" allowfullscreen style="position: absolute; top: 0; left: 0; width: 100%; height: 100%; border: 0;"></iframe></div> |
| 12 | + |
| 13 | +## Installation |
| 14 | + |
| 15 | +Install the CLI using npm: |
| 16 | + |
| 17 | +```bash |
| 18 | +npm install -g @codacy/codacy-cloud-cli |
| 19 | +``` |
| 20 | + |
| 21 | +Alternatively, you can build from source. See the [GitHub repository](https://github.com/codacy/codacy-cloud-cli) for instructions. |
| 22 | + |
| 23 | +## Authentication {: id="authentication"} |
| 24 | + |
| 25 | +Run `codacy login` and enter your API token when prompted. Codacy stores your credentials encrypted at `~/.codacy/credentials`. |
| 26 | + |
| 27 | +```bash |
| 28 | +codacy login |
| 29 | +``` |
| 30 | + |
| 31 | +For non-interactive environments such as CI/CD pipelines, set the `CODACY_API_TOKEN` environment variable instead. This takes precedence over stored credentials. |
| 32 | + |
| 33 | +Get your API token under **My Account > Access Management > API Tokens** in Codacy. See [API tokens](../codacy-api/api-tokens.md) for details. |
| 34 | + |
| 35 | +To remove your stored credentials, run `codacy logout`. |
| 36 | + |
| 37 | +## Install the Codacy Skills {: id="install-the-codacy-skills"} |
| 38 | + |
| 39 | +The [Codacy Skills](https://github.com/codacy/codacy-skills) let your AI assistant interact with your Codacy data in plain language, without needing to remember command syntax: |
| 40 | + |
| 41 | +- "Show me the critical security findings in my org" |
| 42 | +- "What issues were introduced in PR #42?" |
| 43 | +- "Ignore all false positives in the last pull request" |
| 44 | + |
| 45 | +**Claude Code** (recommended): |
| 46 | + |
| 47 | +```bash |
| 48 | +claude plugin marketplace add codacy/codacy-skills |
| 49 | +claude plugin install codacy-skills@codacy |
| 50 | +``` |
| 51 | + |
| 52 | +**Claude.ai**: download the skill folder, zip it, and upload it under **Settings > Capabilities > Skills**. |
| 53 | + |
| 54 | +If you use a different AI assistant, visit the [Codacy Skills repository](https://github.com/codacy/codacy-skills) to install the skills directly. |
| 55 | + |
| 56 | +## What you can do |
| 57 | + |
| 58 | +All commands follow the same pattern: |
| 59 | + |
| 60 | +```bash |
| 61 | +codacy <command> <provider> <organization> [repository] [options] |
| 62 | +``` |
| 63 | + |
| 64 | +Where `<provider>` is `gh` (GitHub), `gl` (GitLab), or `bb` (Bitbucket). |
| 65 | + |
| 66 | +Use `--output json` on any command to get machine-readable output for scripting. |
| 67 | + |
| 68 | +### Manage your repositories |
| 69 | + |
| 70 | +```bash |
| 71 | +# List repositories in an organization |
| 72 | +codacy repositories gh my-org |
| 73 | + |
| 74 | +# Get a full overview of a specific repository |
| 75 | +codacy repository gh my-org my-repo |
| 76 | +``` |
| 77 | + |
| 78 | +You can also add or remove repositories, follow/unfollow them, link coding standards, and request reanalysis. Use flags like `--add`, `--remove`, and `--reanalyze` on the same command. |
| 79 | + |
| 80 | +### Review code issues |
| 81 | + |
| 82 | +List and filter issues by severity, category, tool, author, or branch: |
| 83 | + |
| 84 | +```bash |
| 85 | +# List all issues |
| 86 | +codacy issues gh my-org my-repo |
| 87 | + |
| 88 | +# Filter by severity and category |
| 89 | +codacy issues gh my-org my-repo --severities Critical,High --categories Security |
| 90 | + |
| 91 | +# Filter by branch or author |
| 92 | +codacy issues gh my-org my-repo --branch feature/my-feature --authors dev@example.com |
| 93 | + |
| 94 | +# Show counts only |
| 95 | +codacy issues gh my-org my-repo --overview |
| 96 | +``` |
| 97 | + |
| 98 | +Ignore all issues matching your current filters in one step: |
| 99 | + |
| 100 | +```bash |
| 101 | +codacy issues gh my-org my-repo --severities Critical --ignore --ignore-reason FalsePositive |
| 102 | +``` |
| 103 | + |
| 104 | +Inspect a single issue and ignore or remove the ignore flag: |
| 105 | + |
| 106 | +```bash |
| 107 | +codacy issue gh my-org my-repo <issueId> --ignore --ignore-reason AcceptedUse |
| 108 | +``` |
| 109 | + |
| 110 | +### Investigate security findings |
| 111 | + |
| 112 | +List findings for an organization or a specific repository, with optional filters: |
| 113 | + |
| 114 | +```bash |
| 115 | +# Organization-wide findings |
| 116 | +codacy findings gh my-org |
| 117 | + |
| 118 | +# Per-repository, filtered by severity |
| 119 | +codacy findings gh my-org my-repo --severities Critical,High |
| 120 | + |
| 121 | +# Filter by scan type |
| 122 | +codacy findings gh my-org --scan-types SAST,Secrets |
| 123 | +codacy findings gh my-org --scan-types SCA,IaC --severities High |
| 124 | +``` |
| 125 | + |
| 126 | +Findings are tracked with statuses like `Overdue`, `OnTrack`, and `DueSoon`. Use `--statuses` to filter accordingly: |
| 127 | + |
| 128 | +```bash |
| 129 | +codacy findings gh my-org --statuses Overdue,DueSoon |
| 130 | +``` |
| 131 | + |
| 132 | +### Inspect pull requests |
| 133 | + |
| 134 | +```bash |
| 135 | +# Get the full analysis summary |
| 136 | +codacy pull-request gh my-org my-repo 42 |
| 137 | + |
| 138 | +# View an annotated diff with new issues and coverage changes |
| 139 | +codacy pull-request gh my-org my-repo 42 --diff |
| 140 | + |
| 141 | +# Ignore all false positives in bulk |
| 142 | +codacy pull-request gh my-org my-repo 42 --ignore-all-false-positives |
| 143 | + |
| 144 | +# Trigger reanalysis of the HEAD commit |
| 145 | +codacy pull-request gh my-org my-repo 42 --reanalyze |
| 146 | +``` |
| 147 | + |
| 148 | +### Configure tools and patterns |
| 149 | + |
| 150 | +```bash |
| 151 | +# List all tools and see which are enabled |
| 152 | +codacy tools gh my-org my-repo |
| 153 | + |
| 154 | +# Enable or disable a tool |
| 155 | +codacy tool gh my-org my-repo eslint --enable |
| 156 | +codacy tool gh my-org my-repo pylint --disable |
| 157 | + |
| 158 | +# Import tool configuration from .codacy/codacy.config.json |
| 159 | +codacy tools gh my-org my-repo --import |
| 160 | +``` |
| 161 | + |
| 162 | +Bulk-enable or bulk-disable patterns, or set a parameter on a specific pattern: |
| 163 | + |
| 164 | +```bash |
| 165 | +# Bulk-enable or bulk-disable by category or severity |
| 166 | +codacy patterns gh my-org my-repo eslint --categories Security --enable-all |
| 167 | +codacy patterns gh my-org my-repo eslint --severities Minor --disable-all |
| 168 | + |
| 169 | +# Set a parameter on a specific pattern |
| 170 | +codacy pattern gh my-org my-repo eslint max-len --enable --parameter max=120 |
| 171 | +``` |
| 172 | + |
| 173 | +!!! note |
| 174 | + Tool and pattern changes take effect after the next analysis. Use `--reanalyze` on the repository or pull request command to trigger one immediately. |
| 175 | + |
| 176 | +## Example workflows |
| 177 | + |
| 178 | +### Terminal-first PR review |
| 179 | + |
| 180 | +Before merging, check the full analysis of a pull request (issues, coverage delta, and security findings) without leaving the terminal: |
| 181 | + |
| 182 | +```bash |
| 183 | +# See the PR summary |
| 184 | +codacy pull-request gh my-org my-repo 42 |
| 185 | + |
| 186 | +# See an annotated diff with new issues inline |
| 187 | +codacy pull-request gh my-org my-repo 42 --diff |
| 188 | +``` |
| 189 | + |
| 190 | +### Combine with the GitHub CLI and AI Reviewer |
| 191 | + |
| 192 | +Use the [GitHub CLI](https://cli.github.com/) alongside the Codacy CLI to incorporate feedback from the [AI Reviewer](../repositories-configure/integrations/github-integration.md#ai-reviewer), which posts analysis summaries as PR comments: |
| 193 | + |
| 194 | +```bash |
| 195 | +# Read AI Reviewer comments on the PR |
| 196 | +gh pr view 42 --comments |
| 197 | + |
| 198 | +# Cross-reference with the Codacy annotated diff |
| 199 | +codacy pull-request gh my-org my-repo 42 --diff |
| 200 | +``` |
| 201 | + |
| 202 | +Feed both outputs to Claude Code (with the Codacy skill installed) to decide what to fix and apply it directly. |
| 203 | + |
| 204 | +### Use the CLI in CI |
| 205 | + |
| 206 | +The CLI works in any CI environment. Set `CODACY_API_TOKEN` as a secret and install the CLI as a step: |
| 207 | + |
| 208 | +{% raw %} |
| 209 | +```yaml |
| 210 | +- name: Install Codacy Cloud CLI |
| 211 | + run: npm install -g @codacy/codacy-cloud-cli |
| 212 | + |
| 213 | +- name: Run Codacy CLI |
| 214 | + env: |
| 215 | + CODACY_API_TOKEN: ${{ secrets.CODACY_API_TOKEN }} |
| 216 | + run: codacy issues gh ${{ github.repository_owner }} my-repo --output json |
| 217 | +``` |
| 218 | +{% endraw %} |
| 219 | +
|
| 220 | +From there, pipe the JSON output to `jq`, post results as PR comments with the [GitHub CLI](https://cli.github.com/), open issues, send Slack notifications — whatever fits your workflow. |
| 221 | + |
| 222 | +## See also |
| 223 | + |
| 224 | +- [Codacy Cloud CLI on GitHub](https://github.com/codacy/codacy-cloud-cli) |
| 225 | +- [Codacy Skills on GitHub](https://github.com/codacy/codacy-skills) |
| 226 | +- [API tokens](../codacy-api/api-tokens.md) |
| 227 | +- [Using the Codacy API](../codacy-api/using-the-codacy-api.md) |
| 228 | +- [GitHub integration and AI Reviewer](../repositories-configure/integrations/github-integration.md#ai-reviewer) |
0 commit comments