codity scan
Run security vulnerability scanning on your code changes. Identifies CVEs, CWEs, insecure dependency chains, and security anti-patterns.
Usage
codity scan [flags]
Flags
| Flag | Description |
|---|---|
| `--staged` | Scan staged changes only (default) |
| `--all` | Scan all uncommitted changes (staged + unstaged) |
| `--commit <sha>` | Scan a specific commit |
| `--branch <branch>` | Scan changes against a base branch |
Examples
Scan staged changes:
codity scan --staged
Scan all uncommitted changes:
codity scan --all
Scan a specific commit:
codity scan --commit abc1234
Scan your branch against main:
codity scan --branch main
Output
Each security finding includes:
- File and line — Location of the vulnerability
- CWE/CVE — Relevant vulnerability identifiers
- Severity — Critical, high, medium, or low
- Title — Short description of the vulnerability
- Description — Detailed explanation
- Suggested fix — Recommended remediation
- Code snippet — The affected code