Codeup provides multi-language code detection rule packages covering development quality, security vulnerabilities, and dependency risks.
Rule packages
Codeup supports multi-language detection rules for source code quality and security, plus dependency vulnerability scanning. Rules adhere to CWE, OWASP, SANS, and CERT standards.
| Rule package name | Applicable language | Description |
| --- | --- | --- |
| Java development specification | Java | Based on the Alibaba Java Development Manual, these are the standards followed by Java engineers within Alibaba Cloud, covering coding, unit testing, exception logging, engineering, security, and MySQL conventions. |
| Java security detection | Java | Uses SpotBugs rules and patterns to detect common code issues and potential security vulnerabilities. |
| Source code vulnerability detection | Java | Powered by Sourcebrella Pinpoint, this package detects coding vulnerabilities including: |
| Dependency package vulnerability detection | Java | Open-source dependencies often contain known vulnerabilities. To mitigate these risks, this package scans direct and indirect dependencies against a vulnerability database and recommends fixed versions. |
| Code patch recommendation | Java | Analyzes code bugs and recommends fixes using a self-developed algorithm that has been published at the International Conference on Software Engineering (ICSE). Applied to merge request auto-scans, the algorithm provides developers with bug patch suggestions trained on Best Practices samples. |
| JavaScript development specification (Vue/React) | JavaScript | ESLint configuration aligned with Alibaba Frontend Guidelines, covering coding style, language features, comments, and naming conventions. |
| TypeScript development specification (Vue/React) | TypeScript | ESLint configuration aligned with Alibaba Frontend Guidelines, covering coding style, language features, comments, and naming conventions. |
| Golang development specification | Golang | Detects Go code standard violations: coding style, code simplification opportunities, unstructured sections, and unused functions, variables, and types. |
| Golang security detection | Golang | Uses Gosec to perform static analysis on Go code, identifying potential security vulnerabilities and providing real-time feedback and suggestions before deployment. |
| Python development specification | Python | Analyzes Python code for errors, style violations, and potential issues, and provides refactoring suggestions. |
| Python security detection | Python | Uses Bandit to detect and fix security issues in Python code. |
| Python coding style detection | Python | Uses PyCodeStyle to identify and correct style issues in Python code. |
| Node.js security detection | Node.js | Uses ESLint rules to detect common security risks in Node.js applications. |
| C/C++ security detection | C/C++ | Uses CppLint to check code against Google's C++ style guide, identifying security issues and providing code quality recommendations. |
| C/C++ basic rule package | C/C++ | Performs code analysis without compilation information, detecting undefined behaviors, code errors, style issues, and performance problems. |
| Lua general detection | Lua | Uses LuaCheck to identify and fix syntax, style, and security issues in Lua code. |
| Scala coding style detection | Scala | Uses ScalaStyle to detect and correct code style issues in Scala projects. |
| Kotlin basic rule package | Kotlin | Uses Detekt to identify coding issues in Kotlin, improving code quality and reducing vulnerabilities. |
| Android basic rule package | Android | Uses Android Lint to identify coding standard and security issues, improving code quality and reducing vulnerabilities. |
| Sensitive information detection | Not limited by language | Detects sensitive credentials such as API keys within the code to prevent accidental exposure or submission of sensitive information. |