Skip to content

Codacy API Credentials

Service Name: Codacy

Service Description: Codacy is an automated code review tool that analyzes code quality, security vulnerabilities, code duplication, and complexity across multiple programming languages. It helps development teams maintain code standards and identify issues early in the development process.

Service Address: https://www.codacy.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Codacy's enterprise settings.

Secret Access Scope: Grants programmatic access to Codacy's API, allowing users to retrieve analysis results, manage projects, configure quality settings, and integrate with CI/CD pipelines.

Secret Revokement URL: https://docs.codacy.com/organizations/managing-api-tokens/

Secret Example: cda_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p

Suspicious Activity Investigation Instructions:

  • Review the Codacy audit logs for unusual API calls or project access.
  • Check for unexpected project additions or configuration changes.
  • Monitor for unusual analysis patterns or unexpected integrations.
  • Review user access and permission changes in your Codacy organization.
  • Check for unauthorized webhooks or integrations with external services.

Mitigation Instructions:

  • Sign in to your Codacy account and go to the organization settings.
  • Go to API Tokens.
  • Identify the compromised token and select Revoke to invalidate it.
  • Generate a new API token if needed, with appropriate scopes.
  • Review and update any integrations or CI/CD pipelines that were using the revoked token.
  • Consider implementing IP restrictions for API access if available in your plan.
  • Review user permissions and remove unnecessary access rights.