Configure Code Quality Tools
CodeStax includes three code quality analysis tools that run alongside security scans. You can enable or disable each tool independently and adjust their sensitivity thresholds to match your team’s standards.
The Three Quality Tools
Configuring Tools at the Organization Level
All quality tool settings are managed through the unified Policies system.
Configuration Reference
Tool Enable/Disable
| Setting | Default | Description |
|---|---|---|
| Complexity Analysis (Radon) | Enabled | Runs cyclomatic complexity and maintainability index analysis on Python files |
| Dead Code Detection (Vulture) | Enabled | Detects unused code in Python projects |
| Duplicate Detection (jscpd) | Enabled | Finds copy-paste blocks across all supported languages |
Threshold Settings
| Setting | Range | Default | When to Adjust |
|---|---|---|---|
| Complexity Reporting Threshold | 1 - 50 | 10 | Lower = more findings. Raise to 15-20 if too noisy for large legacy codebases |
| Minimum Confidence % | 50 - 100 | 80% | Lower to catch more potential dead code. Raise to 90%+ to reduce false positives |
| Minimum Duplicate Lines | 3 - 20 | 6 | Lower to catch small duplications. Raise if boilerplate code generates too many findings |
| Minimum Duplicate Tokens | 25 - 150 | 50 | Works alongside min-lines. Higher values focus on larger, more significant duplications |
Exclude Paths
The Quality Analysis Exclude Paths field lets you skip specific directories from quality analysis. Enter comma-separated path names:
tests, docs, migrations, generated, fixtures
These are added to the built-in exclusions (node_modules, vendor, .git, dist, build, __pycache__).
Per-Repository Overrides
You can override quality tool settings for specific repositories — for example, disabling Vulture on a legacy project or raising the complexity threshold for a data pipeline repo.
To revert a repository to organization defaults, click Reset to Org Defaults.
How Thresholds Affect Results
What each threshold controls:
| Threshold | Lower Value | Higher Value |
|---|---|---|
| Complexity | Reports simpler functions (more findings) | Only flags highly complex functions (fewer findings) |
| Vulture Confidence | Catches more potential dead code but may include false positives | Only reports code that is almost certainly unused |
| Duplicate Lines | Catches small repeated blocks (3-5 lines) | Only flags large duplicated sections |
| Duplicate Tokens | More sensitive to short repeated patterns | Focuses on substantial code clones |
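To preview how a threshold change would alter the number of findings before editing the policy, the added example below (not CodeStax code) filters Radon and Vulture output at candidate thresholds. The sample data is constructed in the shape of `radon cc -j` and Vulture's text report, and treating the complexity threshold as a strict "above" comparison is an assumption.

```python
import json
import re

# Allowed ranges from the Threshold Settings table: (min, max).
RANGES = {"complexity": (1, 50), "confidence": (50, 100)}

# Constructed sample in the shape of `radon cc -j` output (fields trimmed).
RADON_JSON = json.dumps({
    "app/billing.py": [{"name": "apply_discounts", "complexity": 23},
                       {"name": "round_total", "complexity": 3}],
    "app/etl.py": [{"name": "normalize_row", "complexity": 12},
                   {"name": "load", "complexity": 17}],
})

# Constructed sample in the shape of Vulture's text report.
VULTURE_REPORT = """\
app/billing.py:7: unused import 'decimal' (90% confidence)
app/billing.py:61: unused function 'legacy_tax' (60% confidence)
app/etl.py:15: unused variable 'debug_rows' (100% confidence)
app/etl.py:201: unreachable code after 'return' (100% confidence)
"""

VULTURE_LINE = re.compile(
    r"^(?P<path>.+?):(?P<line>\d+): (?P<msg>.+) \((?P<conf>\d+)% confidence\)$")

def check_range(setting, value):
    """Reject values outside the range the settings table documents."""
    low, high = RANGES[setting]
    if not low <= value <= high:
        raise ValueError(f"{setting}={value} is outside the range {low}-{high}")
    return value

def complexity_findings(radon_json, threshold):
    """Functions whose cyclomatic complexity is above the threshold (assumed strict)."""
    check_range("complexity", threshold)
    return sorted(
        (path, block["name"], block["complexity"])
        for path, blocks in json.loads(radon_json).items()
        for block in blocks
        if block["complexity"] > threshold
    )

def dead_code_findings(report, min_confidence):
    """Vulture items whose confidence is at or above the minimum."""
    check_range("confidence", min_confidence)
    matches = (VULTURE_LINE.match(line) for line in report.splitlines())
    return [(m["path"], int(m["line"]), m["msg"]) for m in matches
            if m and int(m["conf"]) >= min_confidence]
```

Comparing `len(complexity_findings(RADON_JSON, 10))` with the same call at 15 or 20 shows how many findings a raised threshold would drop on a given repository.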
Quality Tools vs Quality Gates
These settings control what the scanner reports. Quality gates (on the same Policies page, under Quality Gates) control whether findings block merges. For example:
- Quality Tools: “Report complexity issues above threshold 10” (scanner configuration)
- Quality Gates: “Fail if complexity score exceeds 60” (pass/fail enforcement)
Both work together: tools produce findings, gates evaluate them. See Set Up Quality Gates for gate configuration.