| title | Code Quality |
|---|---|
| description | AI-powered code review tool for maintainability, readability, and performance |
The Corgea Code Quality Scanner is an AI-powered code review tool that identifies maintainability, readability, performance, and correctness issues in your codebase. Unlike our security vulnerability scanners that focus on security threats, the Code Quality Scanner acts as an expert software engineer reviewing your code to help maintain high standards and prevent technical debt.
The Code Quality Scanner analyzes your source code files to identify concrete issues that impact your codebase's long-term health. Think of it as having an experienced senior engineer reviewing every file, catching issues that might slip through manual code reviews while focusing on practical, actionable improvements.
- Automated Code Review: Performs thorough analysis of your code, checking for common quality issues that affect maintainability
- Language-Aware Analysis: Understands the context and conventions of different programming languages
- Framework Detection: Recognizes common frameworks and applies framework-specific best practices
- Severity Classification: Prioritizes issues based on their impact (High, Medium, Low)
- CWE Mapping: Maps issues to Common Weakness Enumeration (CWE) standards for standardized categorization
The Code Quality Scanner identifies a comprehensive range of code quality issues. All findings are mapped to CWE standards for consistent categorization.
- **Typos and spelling errors** in code comments, variable names, and strings (CWE-1078) - **Inaccurate or misleading comments** that contradict actual code behavior or may be outdated (CWE-1116)```javascript example.js
// Bad: Misleading comment
// Calculate the sum of two numbers
function multiply(a, b) {
return a * b; // Actually multiplying, not adding
}
```
```python example.py
# Bad: Empty exception block silently swallows errors
try:
risky_operation()
except Exception:
pass # Error is hidden!
```
```java Example.java
// Bad: String concatenation in loop
String result = "";
for (int i = 0; i < 1000; i++) {
result += data[i]; // Creates new string object each iteration
}
```
The scanner processes each file in your codebase individually, analyzing the complete source code with full context of the file's structure, language, and detected frameworks.
Using advanced language models specifically trained for code review, the scanner examines your code against established software engineering principles and best practices. The AI understands:
- Language-specific idioms and conventions
- Framework patterns and best practices
- Code complexity and maintainability metrics
- Industry-standard software design principles
When a potential issue is found, the scanner:
- Pinpoints the exact lines of code involved
- Classifies the issue type using CWE standards
- Assigns an appropriate severity level
- Generates a clear explanation of the problem and its impact
-
The scanner only reports issues it's at least 90% confident about. This high threshold ensures that findings are actionable and accurate, not speculative.
-
The 90% confidence threshold significantly reduces noise and false positives, so you can trust that reported issues are worth addressing.
The Code Quality Scanner includes sophisticated false positive suppression mechanisms to ensure you receive only meaningful, actionable findings:
Security Issue Exclusion: The scanner explicitly excludes security vulnerabilities (SQL injection, XSS, authentication issues, etc.) as these are handled by Corgea's dedicated security scanners. This prevents overlap and confusion between code quality and security findings.
Style Preference Filtering: Minor style preferences such as brace placement, indentation, and whitespace are not reported. The scanner focuses on substantive quality issues, not formatting preferences.
The scanner understands code context to avoid false positives:
- Recognizes when "empty" blocks are intentional (e.g., placeholder implementations)
- Understands framework-specific patterns that might otherwise look problematic
- Considers language idioms that are acceptable in specific programming languages
When code quality issues are identified, Corgea provides automated remediation capabilities to help you fix problems quickly and consistently:
The automated remediation system can fix many common code quality issues, including:
- Removing unused variables and imports - Converting magic numbers to named constants - Fixing typos in variable names and comments - Consolidating duplicate code into shared functions - Simplifying overly complex expressions - Breaking down complex one-liners - Improving variable and function names - Adding proper error handling - Implementing framework-specific patterns- Issue Context: The system analyzes the full context around each issue, understanding not just the problematic code but its role in the broader codebase
- Safe Fixes: Automated fixes are designed to be safe and maintain existing functionality
- Code Style Preservation: Fixes respect your existing code style and conventions
- Review Before Apply: You maintain full control over which fixes to apply
The Code Quality Scanner is completely separate from Corgea's [security vulnerability scanning](/blast) capabilities.
| Code Quality Scanner | Vulnerability Scanner |
|---|---|
| Focuses on maintainability, readability, and correctness | Focuses on security threats and exploitable weaknesses |
| Identifies technical debt and design issues | Identifies SQL injection, XSS, authentication flaws, etc. |
| Helps improve long-term code health | Helps protect against security breaches |
| Uses CWEs related to code quality | Uses CWEs related to security |
- Security keeps your application safe from attackers
- Code Quality keeps your codebase maintainable, performant, and reliable
Both are essential for a healthy software project, but they address different concerns. A codebase can be secure but unmaintainable, or well-structured but vulnerable. Corgea provides both to give you complete visibility into your code's health.
Issues that **will cause crashes, severe performance problems, or critical bugs**: - Empty catch blocks that hide errors - Infinite loops - Logic that always fails - Critical performance bottlenecks
<Warning>**Action**: Fix immediately</Warning>
<Info>**Action**: Address in your next refactoring cycle</Info>
<Tip>**Action**: Fix when convenient or during related work</Tip>
The Code Quality Scanner integrates seamlessly into your development workflow:
Link your code repository to Corgea using [GitHub](/github), [GitLab](/gitlab), [Azure DevOps](/azure_devops), or [Bitbucket](/bitbucket) The scanner analyzes your files automatically Browse identified issues with clear explanations and severity levels in the [project dashboard](/project) Use [automated remediation](/fixes) or fix issues manually Monitor improvements in code quality over timeLearn about Corgea's security vulnerability scanning capabilities Explore how automated remediation works across all scan types Manage and suppress false positives effectively Track and manage all issues across your projects
For assistance, contact us at support@corgea.com