After you’ve signed up, you can import your first repository:

1. In the upper-right corner of any page, click plus icon.
2. Select one or more repositories to import.
3. Click Import.

For now we support GitHub or Bitbucket as repository source.

 Occasionally you may see a notification that the repository is running in Reduced Feature Mode:

 This is because there is no webhook between external provider and CodeFactor for the repository in question, meaning that:

• repository is analyzed on-demand only;
• there is no status for GitHub or Bitbucket pull requests;
• repository changes (e.g. new branches, renaming branches, etc.) are not synchronized.

Only GitHub or Bitbucket Admin can create a webhook to CodeFactor. If you are the Admin, you can create the webhook by clicking on "FIX IT".

For best experience, we highly recommend to have your repositories running in full feature

Every time you open a new Pull Request (PR) CodeFactor inspects it and reports results on dedicated PR page and on GitHub/Bitbucket as commit status.

If you're using GitHub, you can now setup detailed reporting inside PR via Checks feature. To begin, visit the Settings page for your repository.

CodeFactor shows issues for any files that were added or modified between the source and target branches. When the target branch changes over time and merge commit is made for PR, CodeFactor tries to exclude any unrelated issues to reduce noise. You may still see unrelated issues for cases when PR is created

After you’ve imported your first repository, CodeFactor will automatically inspect any changes coming to Default branch. This includes:

1. Any Commits. You can check the latest list on Overview page.
2. Any Pull Requests. CodeFactor will push status notification for commits in pull request.

You can inspect how each commits affect repository branch quality-wise on Overview page. Problematic areas on your code can be quickly viewed on Hotspots panel.

Prerequisites:

Must be an a GitHub Admin for organization that owns Public repository. 

Explanation:

By default GitHub restricts third-party applications to access Company Owned applications - see https://help.github.com/articles/about-third-party-application-restrictions.

Resolution:

Verify if your organization has granted access to 3rd party applications to access your repositories:

1. Go to https://github.com/settings/connections/applications/4194d7d196308e89f706
2. Click 'Grant Access' under Organization access (if button is not visible then org admin must do this step)

You will now able be able to create Webhooks between CodeFactor and GitHub via FIX IT button in CodeFactor.io. 

CodeFactor supports Python 2.7.x and 3.13.x as there are key differences between them. Version 3.13.x is enabled by default, but you can change this on repository Settings page:

Once new version is selected, all related Python files for actives branches will be reinspected.

Once CodeFactor has identified some issues for repository you can learn up on them by clicking Read Up icon.

Click Create Issue icon to review and submit new issue request to repository provider (e.g. GitHub). Create Comment icon is used to review and submit new comment request.

Click Ignore icon to exclude specific issue, similar issues or source file from analysis.

If you would like to ignore a specific Issue or entire issue pattern across repository, you can have CodeFactor.io ignore it as follows:

1. Go to any page containing issues.
2. Click Ignore icon (shown as eye) on upper right corner of issue header.
   1. Click Ignore Issue to exclude selected issue only.
   2. Click Ignore Issues like this to exclude selected issue pattern for entire repository.
   3. Click Ignore File to exclude related file with all it's issues.

If you later decide that some issues should no longer be ignored, go to Issues page and click Ignored filter button on upper right corner. Here you

Prerequisites:

Must be an a GitHub Admin for organization that owns Private or Public repository. 

Explanation:

By default GitHub restricts third-party applications to access Company Owned applications - see https://help.github.com/articles/about-third-party-application-restrictions.

Resolution:

Verify if your organization has granted access to 3rd party applications to access your repositories:

1. Go to https://github.com/settings/connections/applications/4194d7d196308e89f706
2. Click 'Grant Access' under Organization access (if button is not visible then org admin must do this step)

You will now be able to see organization repos on Add Repository page.

If you see that a specific file should not be included for inspection you can ignore it:

1. Go to code file page.
2. Click Ignore this file button on upper right.

If you have a folder or a global file pattern that should not be included you can ignore it as well:

1. Go to repository Settings
2. Click Ignore Files.
3. Enter patterns and click Save changes.

Note: Case sensitive patterns, one per line. (e.g. src/blob/* to exclude all files in blob folder).

Note: some files are ignored automatically. E.g. files created by Visual Studio designer or containing auto-generated marker.

1. Make sure you have Admin permissions for your GitHub repository. CodeFactor requires this in order to create or update webhook to receive notifications from GitHub. Here is how.
2. Go to repository Settings page and click Refresh button.
3. Next time you push commit to Pull Request or Branch you should see it being reviewed by CodeFactor.

Please send us an email if the steps above did not resolve the issue.

Further reading

Resolve reduced feature mode

GitHub - Managing team access to an organization repository

GitHub - Repository permission levels for an organization

GitHub - About Webhooks

CodeFactor.io uses a variety of software code analysis tools and algorithms. In addition to proprietary tools CodeFactor.io also takes advantage of several Open Source code analysis tools. Here is the list of Open Source analysis engines that we use:

If engine is not provided with custom configuration it will use default rule-set. We reserve the right to disable selected rules without notice if necessary.

Supported packages

Dart

flutter_lints lint lints very_good_analysis

PHP_CodeSniffer

MySource PEAR PSR1 PSR12 PSR2 Squiz Zend WordPress-VIP-Go WordPressVIPMinimum Drupal DrupalPractice PHPCompatibility PHPCompatibilityParagonieRandomCompat PHPCompatibilityParagonieSodiumCompat PHPCompatibilityWP VariableAnalysis WooCommerce WooCommerce-Core WordPress WordPress-Core WordPress-Docs WordPress-ExtraWordPress-VIP

Stylelint

@stylistic/stylelint-plugin stylelint-a11y stylelint-codeguide stylelint-color-format stylelint-csstree-validator stylelint-declaration-block-no-ignored-properties stylelint-declaration-strict-value stylelint-declaration-use-variable

Below are a list of some Git and CodeFactor specific terms we use across our site.

GPA

A grade point average (or GPA) is a standard metric used in the United States to indicate overall academic performance. It is designed to be a single number that captures how well a student performed during a portion of their academic career.

CodeFactor uses a modified metric that used letter indicators combined with 1-10 numeric range:

Default Branch

The default branch is considered the "base" branch in your repository, against which all pull requests and code commits are made. CodeFactor needs to identify it in order

1. Make sure you have Admin permissions for your Bitbucket repository. CodeFactor requires this in order to create or update webhook to receive notifications from Bitbucket.
2. Go to repository Settings page and click Refresh button.
3. Next time you push commit to Pull Request or Branch you should see it being reviewed by CodeFactor.

Please send us an email if the steps above did not resolve the issue.

Further reading

Resolve reduced feature mode

Bitbucket Cloud - Creating webhooks

With Duplication checker enabled, CodeFactor finds similar or duplicate source code for all supported languages. Statistics shows that this checker slows down analysis and reports on issues that are usually non-actionable or just entirely ignored by users. For those reasons and to keep non-actionable reports to a minimum it's disabled by default.

If you still would like to see duplication results for your repository, you may enable it in repository Settings page on CodeFactor. 

.

If you decide to use duplication checker note that:

- There is an inspection timeout window set for each language. If analysis exceeds this window,

The default branch is considered the "base" branch in your repository, against which all pull requests and code commits are made.

CodeFactor will try to identify default branch when importing new repository. If you have admin rights over a repository, you can set new default branch:

1. Go to repository Settings
2. Change the default branch using the dropdown.

1. Make sure you have Admin permissions for your GitHub or Bitbucket repository. CodeFactor requires this in order to receive full member list for a repository.
2. Go to repository Members page and click 'Refresh' button
3. Alternatively go to repository Settings page and click 'Reset access' button

Further details:

GitHub: If repository is fully integrated, it should receive all collaborator and added team events. Any other team changes are not received (not available) via webhook.

Bitbucket: repository member changes are not available via webhook.

By default CodeFactor will inspect default branch only for new repositories. However, you can freely enable other branches as well:

1. Go to repository Branches
2. Click On/Off toggle to start or stop code quality inspection.

There are few major problems with repositories having large number of files:

• it may take hours to review
• review may generate very high number of issues making it counter-productive to resolve

To provide consistent feedback loop we are actively limiting reviewed file count to 5K. Files are selected based on update date, number of changes (churn) and line count - this is to make sure that important files are included.

Also, these files do not count towards limit:

• with unrecognized language
• ignored by user
• ignored by CodeFactor (auto-generated, library, etc.)

We want to keep CodeFactor safe for everyone. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.

Please email us at security@codefactor.io. We'll work with you to make sure we understand the issue and address it. We consider security correspondence and vulnerabilities our highest priorities and will work to address any issues that arise ASAP.

Please act in good faith towards our users' privacy and data during this process. White hat researchers are always appreciated and we won't take legal action against you if act accordingly.