codity risk-analysis
codity risk-analysis evaluates how risky a change is before you merge or deploy it. It focuses on regression risk, rollout risk, and blast radius rather than only finding code bugs.
Use it before merging migrations, dependency changes, concurrency changes, public API changes, or changes that are hard to roll back.
Usage
codity risk-analysis [flags]
Flags
| Flag | Description |
|---|---|
--staged | Analyze staged changes only. This is the default. |
--all | Analyze all uncommitted changes, staged and unstaged. |
--commit <sha> | Analyze a specific commit. |
--branch <branch> | Analyze your current branch against a base branch. |
Examples
Analyze staged changes:
codity risk-analysis --staged
Analyze everything in your working tree:
codity risk-analysis --all
Analyze a single commit:
codity risk-analysis --commit abc1234
Analyze your current branch against main:
codity risk-analysis --branch main
Output
The result includes:
- Overall risk -
critical,high,medium, orlow. - Risk score - A 0-100 score where higher means more risky.
- Summary - A short explanation of the main risk.
- Findings by category - Counts by risk area.
- Risk regions - File and line ranges with descriptions and mitigations.
Risk categories can include functional breakage, API breakage, data migration, concurrency, performance, rollback complexity, dependency changes, test coverage, and observability.
How to Use the Result
- Treat
criticalandhighresults as review blockers unless the risk is intentional and mitigated. - Use the mitigation text as a checklist before merging.
- Add tests, rollout guards, logging, or rollback steps for categories that appear in the result.
- Run the command again after addressing the highest-risk findings.