codity risk-analysis

codity risk-analysis evaluates how risky a change is before you merge or deploy it. It focuses on regression risk, rollout risk, and blast radius rather than only finding code bugs.

Use it before merging migrations, dependency changes, concurrency changes, public API changes, or changes that are hard to roll back.

Usage

codity risk-analysis [flags]

Flags

FlagDescription
--stagedAnalyze staged changes only. This is the default.
--allAnalyze all uncommitted changes, staged and unstaged.
--commit <sha>Analyze a specific commit.
--branch <branch>Analyze your current branch against a base branch.

Examples

Analyze staged changes:

codity risk-analysis --staged

Analyze everything in your working tree:

codity risk-analysis --all

Analyze a single commit:

codity risk-analysis --commit abc1234

Analyze your current branch against main:

codity risk-analysis --branch main

Output

The result includes:

  • Overall risk - critical, high, medium, or low.
  • Risk score - A 0-100 score where higher means more risky.
  • Summary - A short explanation of the main risk.
  • Findings by category - Counts by risk area.
  • Risk regions - File and line ranges with descriptions and mitigations.

Risk categories can include functional breakage, API breakage, data migration, concurrency, performance, rollback complexity, dependency changes, test coverage, and observability.

How to Use the Result

  • Treat critical and high results as review blockers unless the risk is intentional and mitigated.
  • Use the mitigation text as a checklist before merging.
  • Add tests, rollout guards, logging, or rollback steps for categories that appear in the result.
  • Run the command again after addressing the highest-risk findings.