Connect Codacy to AI agents

Connect Codacy to Claude, Codex, Cursor, or other AI agents for your entire team. Metorial security, governance, observability, and gives your team a unified Magic MCP url to connect.

Supported Tools

get_repository_analysis

Get Repository Analysis

Retrieve detailed code analysis results for a specific repository including quality grade, issues, complexity, duplication, coverage, and analysis progress. Provides a comprehensive quality overview of the repository.

search_sbom_dependencies

Search SBOM Dependencies

Search software bill of materials (SBOM) dependencies across your organization. Find specific dependencies (e.g. "log4j"), filter by vulnerability severity, and identify which repositories use a given dependency.

configure_analysis_tool

Configure Analysis Tool

Enable, disable, or configure a static analysis tool for a repository. Can toggle the tool on/off and set whether it should use a configuration file from the repository. Use the "List Repository Tools" tool first to find tool UUIDs.

list_repositories

List Repositories

List repositories in the configured organization with their analysis information including quality grade, issue counts, coverage, complexity, and duplication metrics. Can filter by name and supports pagination.

search_security_items

Search Security Items

Search and filter security findings (SRM items) across your organization. Includes SAST issues, secrets detection, dependency vulnerabilities, IaC scanning, DAST findings, and more. Filter by priority, status, scan type, repository, and category.

get_pull_request_analysis

Get Pull Request Analysis

Retrieve detailed analysis results for a specific pull request, including quality gate status, new/fixed issues, coverage metrics, and affected files. Optionally includes the list of issues found in the PR.

list_coding_standards

List Coding Standards

List coding standards configured for the organization. Coding standards define which tools and patterns are used for analysis, ensuring consistent code quality across repositories. Shows drafts and effective standards.

list_pull_requests

List Pull Requests

List pull requests for a repository with their analysis status. Returns PR title, status, quality gate results, and issue counts. Useful for monitoring PR quality across a repository.

search_issues

Search Issues

Search and filter code quality issues in a repository. Filter by severity level (Error, Warning, Info), category (Security, CodeStyle, ErrorProne, etc.), language, branch, pattern, and author. Returns issue details including file path, line number, message, tool, and severity.

add_repository

Add Repository

Add a repository to Codacy for code analysis. Requires admin permissions on the repository in the Git provider. Specify the provider and the full repository path (e.g. "organization/repo-name").

manage_repository_token

Manage Repository Tokens

Create, list, or delete repository API tokens. Repository tokens provide scoped access to a single repository and are commonly used for uploading coverage data via the Codacy Coverage Reporter.

get_commit_analysis

Get Commit Analysis

Retrieve analysis results for a specific commit, including quality metrics, issues introduced, and coverage data. Can also list recent commits with their analysis status for a repository.

list_organizations

List Organizations

List all Codacy organizations the authenticated user belongs to. Returns organization names, providers, and membership details. Useful for discovering available organizations before performing repository-level operations.

list_files

List Repository Files

List files in a repository with their code quality metrics including grade, number of issues, complexity, coverage, and duplication. Useful for identifying problematic files in a codebase.

list_people

List Organization Members

List members of the configured Codacy organization. Supports filtering by name/email and pagination. Returns member details including name, email, and role.

manage_dast_target

Manage DAST Target

Create, list, delete, or trigger scans on DAST (Dynamic Application Security Testing) targets. DAST targets can be web applications or APIs (REST with OpenAPI spec or GraphQL). Use this to manage security scanning of your web applications and APIs.

list_repository_tools

List Repository Tools

List the static analysis tools configured for a repository, including their enabled/disabled status. Shows which analysis tools (e.g. ESLint, PMD, Pylint) are active and whether they use configuration files from the repository.

More integrations teams use with Codacy

GitHub

Manage repositories, issues, and pull requests. Create and configure branches, star repositories, review code, and merge changes. Automate CI/CD workflows with GitHub Actions, manage workflow runs, secrets, and artifacts. Track issues with labels, milestones, and assignees. Search across code, repositories, issues, and users. Manage organizations, teams, and memberships. Create and manage projects, gists, packages, deployments, and environments. Access security alerts including code scanning, secret scanning, and Dependabot alerts. Read and write file contents in repositories. Manage webhooks, notifications, and codespaces.

Sharepoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

Salesforce

Manage CRM data including Accounts, Contacts, Leads, Opportunities, Cases, and custom objects. Create, read, update, and delete records. Query data using SOQL and search across objects using SOSL. Perform bulk data operations for large-scale imports, exports, and migrations. Execute composite requests to batch multiple operations in a single API call. Access analytics, reports, and dashboards. Manage files and attachments associated with records. Interact with Chatter feeds, posts, and groups for social collaboration. Subscribe to real-time change events via Change Data Capture and Platform Events. Manage org metadata including custom objects, fields, layouts, and workflows. Query data using GraphQL for precise data retrieval across related objects.

Airtable

Create, read, update, and delete records in Airtable bases and tables. Manage base schemas including creating tables and fields. Filter records using formulas, sort by fields, and scope queries to specific views. Upsert records to find, create, or update in a single call. Upload attachments to records, read and write record comments, list accessible bases, and receive real-time base change events through webhooks.

Bitbucket

Manage Git repositories, pull requests, and CI/CD pipelines on Bitbucket Cloud. Create, fork, and configure repositories within workspaces and projects. Create, review, approve, merge, and decline pull requests with inline code comments. Browse source code, list commits, and manage branches and tags. Track issues with the built-in issue tracker. Trigger, monitor, and manage Bitbucket Pipelines. List workspace members, configure repository default reviewers and branch restrictions, create and manage repository webhooks, and search code across repositories.

Heroku

Deploy, manage, and scale applications on Heroku's cloud platform. Create and configure apps, scale dynos, provision add-ons (databases, caching, etc.), manage configuration variables, build and release code, add custom domains and SSL certificates, manage collaborators and team permissions, configure pipelines for continuous delivery, set up log drains, and sync data with Salesforce via Heroku Connect. Subscribe to webhooks for real-time notifications on app changes, builds, releases, dyno lifecycle events, and more.

Technical notes for Codacy

Manage repositories, analyze code quality, and track security vulnerabilities across 49+ programming languages. Retrieve static analysis results including issues, complexity, duplication, and coverage metrics per commit, pull request, or file. Configure analysis tools, code patterns, and coding standards across organizations. Manage quality gates and gate policies to enforce code quality thresholds. Upload and retrieve code coverage data. Search security findings including SAST issues, secrets, dependency vulnerabilities, and IaC scanning results. Create DAST targets, trigger application security scans, and retrieve results. Search SBOM dependencies across repositories. Manage organization members, repository API tokens, and generate reporting exports.

Connect Codacy to production AI agents

See how Metorial gives Codacy access the governance, tracing, and security controls teams need.

Frequently asked questions

Common questions about connecting Codacy to AI agents with Metorial.

  1. Can Metorial connect Codacy to AI agents?
    Yes. Metorial connects AI agents to Codacy through a governed integration layer, so teams can use the provider while keeping access controlled and observable.
  2. Metorial is MCP compatible and lets teams expose approved provider tools to MCP-capable agents and clients through a controlled access layer.
  3. Metorial applies policies across users, groups, providers, agents, and individual tools, then records the context around every agent interaction.
  4. Yes. Metorial records provider activity so teams can inspect tool calls, troubleshoot integrations, and give security teams the visibility they need.