Overview
CodeAnt AI allows you to configure analysis settings at multiple levels. You can control which analyses are enabled, set file include/exclude patterns, and tune thresholds like the maintainability index — all through a clear precedence hierarchy.
Configuration Precedence
When multiple configuration sources exist, CodeAnt AI resolves them in the following order (highest priority first):
| Priority | Source | Description |
|---|---|---|
| 1 (Highest) | Inline (CI/CD parameters) | Parameters passed directly when triggering an analysis (e.g., include_files, exclude_files in API calls or CI/CD pipeline configuration) |
| 2 | Repository file | .codeant/configuration.json checked into your repository |
| 3 (Lowest) | UI settings | Configuration set through the CodeAnt AI dashboard under Settings > Analysis Configuration |
Each level only overrides the specific fields it defines. If a field is not set at a higher-priority level, the value from the next level down is used.
Example: If your UI settings enable all analyses, but your .codeant/configuration.json disables secrets_analysis, secrets scanning will be skipped. If you then pass include_files=src/** inline via CI/CD, only the src/ directory will be scanned — but the disabled secrets analysis from the repo config still applies.
Repository Configuration File
Create a configuration.json file in the .codeant folder at your repository root:
your-repo/
├── .git/
├── .codeant/
│   └── configuration.json
├── src/
└── package.json
{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "enabled",
      "duplicatecode_analysis": "enabled",
      "antipatterns_analysis": "enabled",
      "docstring_analysis": "enabled",
      "complex_function_analysis": "enabled"
    },
    "config": {
      "complexity": {
        "maintainability_index": 15
      }
    }
  },
  "file_filters": {
    "config": {
      "include_files": "",
      "exclude_files": ""
    }
  }
}
Configuration Options
Code Analysis
- enabled (boolean): Master toggle for all code analysis. Set to false to skip all analyses for this repository.
- features (object): Toggle individual analyses. Each key accepts "enabled" or "disabled".

| Feature | Description |
|---|---|
| sast_analysis | Static Application Security Testing — detects security vulnerabilities |
| secrets_analysis | Scans for exposed secrets like API keys and credentials |
| sca_analysis | Software Composition Analysis — checks dependencies for known vulnerabilities |
| iac_analysis | Infrastructure as Code scanning for misconfigurations |
| deadcode_analysis | Identifies unused code that can be safely removed |
| duplicatecode_analysis | Detects code duplication |
| antipatterns_analysis | Detects common code antipatterns |
| docstring_analysis | Analyzes code documentation quality |
| complex_function_analysis | Flags functions exceeding the maintainability index threshold |

- config.complexity.maintainability_index (number, 0-100): Threshold for complex function detection. Functions with a maintainability index below this value are flagged. Default: 15.
File Filters
- config.include_files (string): Comma-separated glob patterns. Only files matching these patterns will be analyzed. Example: "src/**,lib/**".
- config.exclude_files (string): Comma-separated glob patterns. Files matching these patterns will be excluded from analysis. Example: "node_modules/**,dist/**,**/*.test.js".
If both include_files and exclude_files are specified, include_files takes precedence — only included files are considered, and exclude patterns are ignored.
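The precedence rules and the include/exclude rule above can be checked before a scan runs. The following is an added example, not CodeAnt AI's own code: it merges three constructed layers field by field and lists the settings that reduce security coverage. The nested shape used for the inline parameters, the treatment of any key present in a layer (even an empty string) as set, and the names merge, effective_config and audit are assumptions.

```python
import json

SECURITY_FEATURES = ("sast_analysis", "secrets_analysis", "sca_analysis", "iac_analysis")

def merge(low, high):
    """Field-level override: keys set in `high` win, the rest fall through from `low`.
    Assumption: a key present in a layer counts as set, even when its value is empty."""
    out = dict(low)
    for key, value in high.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out

def effective_config(ui, repo, inline):
    """Resolve lowest to highest priority: UI settings, repository file, inline parameters."""
    return merge(merge(ui, repo), inline)

def audit(cfg):
    """Return findings for effective settings that reduce security coverage."""
    findings = []
    analysis = cfg.get("code_analysis", {})
    if analysis.get("enabled") is False:
        findings.append("code_analysis.enabled is false: all analyses skipped")
    for name in SECURITY_FEATURES:
        if analysis.get("features", {}).get(name) == "disabled":
            findings.append(f"{name} is disabled")
    filters = cfg.get("file_filters", {}).get("config", {})
    include, exclude = filters.get("include_files", ""), filters.get("exclude_files", "")
    if include:
        findings.append(f"scan limited to include_files={include}")
        if exclude:
            findings.append("exclude_files is ignored because include_files is set")
    return findings

# Constructed sample layers mirroring the precedence example on this page.
UI = {"code_analysis": {"enabled": True,
                        "features": {n: "enabled" for n in SECURITY_FEATURES}}}
REPO = json.loads('{"code_analysis": {"features": {"secrets_analysis": "disabled"}}}')
# Assumed shape: inline CI/CD parameters mapped onto the same nested keys.
INLINE = {"file_filters": {"config": {"include_files": "src/**"}}}

if __name__ == "__main__":
    for finding in audit(effective_config(UI, REPO, INLINE)):
        print(finding)
```

Run as a pull-request check against the proposed .codeant/configuration.json, this surfaces a change that silently turns off a security analysis that the dashboard still shows as enabled.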
Sample Configurations
Security-focused scan only
{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "disabled",
      "duplicatecode_analysis": "disabled",
      "antipatterns_analysis": "disabled",
      "docstring_analysis": "disabled",
      "complex_function_analysis": "disabled"
    }
  }
}
Scan only the src/ directory
{
  "file_filters": {
    "config": {
      "include_files": "src/**",
      "exclude_files": ""
    }
  }
}
Disable all analysis for a repository
{
  "code_analysis": {
    "enabled": false
  }
}
Best Practices
- Version control your config: Checking .codeant/configuration.json into the repository ensures the whole team shares the same analysis settings and changes are reviewed via pull requests.
- Start with defaults: Only override what you need. Omitted fields inherit from UI settings or defaults.
- Use inline parameters for one-off overrides: If you need a different scope for a specific CI run, pass include_files or exclude_files inline rather than modifying the repo config.
- Keep file filters focused: Prefer narrow include_files patterns over broad exclude_files to make intent clear.