# Analysis Configuration

> Configure which analyses run on your repository and how files are filtered

### Overview

CodeAnt AI allows you to configure analysis settings at multiple levels. You can control which analyses are enabled, set file include/exclude patterns, and tune thresholds like the maintainability index — all through a clear precedence hierarchy.

### Configuration Precedence

When multiple configuration sources exist, CodeAnt AI resolves them in the following order (highest priority first):

| Priority        | Source                        | Description                                                                                                                                  |
| --------------- | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| **1 (Highest)** | **Inline (CI/CD parameters)** | Parameters passed directly when triggering an analysis (e.g., `include_files`, `exclude_files` in API calls or CI/CD pipeline configuration) |
| **2**           | **Repository file**           | `.codeant/configuration.json` checked into your repository                                                                                   |
| **3 (Lowest)**  | **UI settings**               | Configuration set through the CodeAnt AI dashboard under Settings > Analysis Configuration                                                   |

Each level only overrides the specific fields it defines. If a field is not set at a higher-priority level, the value from the next level down is used.

**Example:** If your UI settings enable all analyses, but your `.codeant/configuration.json` disables `secrets_analysis`, secrets scanning will be skipped. If you then pass `include_files=src/**` inline via CI/CD, only the `src/` directory will be scanned — but the disabled secrets analysis from the repo config still applies.
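The field-by-field resolution above can be reproduced offline to see which security analyses a given combination of layers leaves switched off. This is an added example, not CodeAnt AI's own code: the function names are hypothetical, the sample layers are constructed, and mapping inline `include_files`/`exclude_files` onto `file_filters.config` is an assumption.

```python
import copy

# Security analyses listed in the page's feature table.
SECURITY_FEATURES = ("sast_analysis", "secrets_analysis", "sca_analysis", "iac_analysis")


def merge(lower, higher):
    """Overlay `higher` on `lower`, replacing only the fields `higher` defines."""
    result = copy.deepcopy(lower)
    for key, value in higher.items():
        if isinstance(value, dict) and isinstance(result.get(key), dict):
            result[key] = merge(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result


def resolve(ui, repo, inline):
    """Apply the documented order: UI (lowest), repository file, inline (highest)."""
    # Assumption: inline include_files/exclude_files land in file_filters.config.
    inline_layer = {"file_filters": {"config": dict(inline)}} if inline else {}
    return merge(merge(ui, repo), inline_layer)


def disabled_security_features(effective):
    """Return the security analyses that will not run under `effective`."""
    analysis = effective.get("code_analysis", {})
    if analysis.get("enabled") is False:  # master toggle off skips everything
        return list(SECURITY_FEATURES)
    features = analysis.get("features", {})
    return [name for name in SECURITY_FEATURES if features.get(name) == "disabled"]


# Constructed sample layers matching the example in the text.
UI = {
    "code_analysis": {"enabled": True, "features": {n: "enabled" for n in SECURITY_FEATURES}},
    "file_filters": {"config": {"include_files": "", "exclude_files": ""}},
}
REPO = {"code_analysis": {"features": {"secrets_analysis": "disabled"}}}
INLINE = {"include_files": "src/**"}

EFFECTIVE = resolve(UI, REPO, INLINE)

if __name__ == "__main__":
    print("file filters:", EFFECTIVE["file_filters"]["config"])
    print("security analyses off:", disabled_security_features(EFFECTIVE))
```

Running the same check against a pull request's `.codeant/configuration.json` shows reviewers when a change would turn a security analysis off.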

### Repository Configuration File

Create a `configuration.json` file in the `.codeant` folder at your repository root:

```
your-repo/
├── .git/
├── .codeant/
│   └── configuration.json
├── src/
└── package.json
```

### Configuration Format

```json
{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "enabled",
      "duplicatecode_analysis": "enabled",
      "antipatterns_analysis": "enabled",
      "docstring_analysis": "enabled",
      "complex_function_analysis": "enabled"
    },
    "config": {
      "complexity": {
        "maintainability_index": 15
      }
    }
  },
  "file_filters": {
    "config": {
      "include_files": "",
      "exclude_files": ""
    }
  }
}
```

### Configuration Options

#### Code Analysis

* **`enabled`** (boolean): Master toggle for all code analysis. Set to `false` to skip all analyses for this repository.

* **`features`** (object): Toggle individual analyses. Each key accepts `"enabled"` or `"disabled"`.

| Feature                     | Description                                                                   |
| --------------------------- | ----------------------------------------------------------------------------- |
| `sast_analysis`             | Static Application Security Testing — detects security vulnerabilities        |
| `secrets_analysis`          | Scans for exposed secrets like API keys and credentials                       |
| `sca_analysis`              | Software Composition Analysis — checks dependencies for known vulnerabilities |
| `iac_analysis`              | Infrastructure as Code scanning for misconfigurations                         |
| `deadcode_analysis`         | Identifies unused code that can be safely removed                             |
| `duplicatecode_analysis`    | Detects code duplication                                                      |
| `antipatterns_analysis`     | Detects common code antipatterns                                              |
| `docstring_analysis`        | Analyzes code documentation quality                                           |
| `complex_function_analysis` | Flags functions exceeding the maintainability index threshold                 |

* **`config.complexity.maintainability_index`** (number, 0-100): Threshold for complex function detection. Functions with a maintainability index below this value are flagged. Default: `15`.

#### File Filters

* **`config.include_files`** (string): Comma-separated glob patterns. Only files matching these patterns will be analyzed. Example: `"src/**,lib/**"`.

* **`config.exclude_files`** (string): Comma-separated glob patterns. Files matching these patterns will be excluded from analysis. Example: `"node_modules/**,dist/**,**/*.test.js"`.

<Note>
  If both `include_files` and `exclude_files` are specified, `include_files` takes precedence — only included files are considered, and exclude patterns are ignored.
</Note>
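The filter rule in the note changes which files are covered, so it is worth listing what falls outside a scan before relying on it. The sketch below is an added example, not CodeAnt AI's matcher: the function names and file list are constructed, and Python's `fnmatch` is assumed as an approximation of the glob syntax, which the page does not specify.

```python
from fnmatch import fnmatchcase


def patterns(value):
    """Split a comma-separated filter string into non-empty glob patterns."""
    return [p.strip() for p in value.split(",") if p.strip()]


def is_analyzed(path, include_files="", exclude_files=""):
    """Documented rule: a non-empty include list wins and exclude is ignored."""
    include, exclude = patterns(include_files), patterns(exclude_files)
    if include:
        return any(fnmatchcase(path, p) for p in include)
    return not any(fnmatchcase(path, p) for p in exclude)


def unscanned(paths, include_files="", exclude_files=""):
    """Return the paths that the given filters leave out of analysis."""
    return [p for p in paths if not is_analyzed(p, include_files, exclude_files)]


# Constructed repository listing.
PATHS = [
    "src/app.js",
    "src/app.test.js",
    "lib/util.js",
    "node_modules/x/index.js",
    "deploy/main.tf",
    "dist/bundle.js",
]
EXCLUDE = "node_modules/**,dist/**,**/*.test.js"

if __name__ == "__main__":
    # Exclude only: tests, dependencies and build output are skipped.
    print(unscanned(PATHS, exclude_files=EXCLUDE))
    # Include plus exclude: the exclude list no longer applies, so the test file
    # under src/ is analyzed, while lib/ and the Terraform file drop out.
    print(unscanned(PATHS, include_files="src/**", exclude_files=EXCLUDE))
```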

### Sample Configurations

#### Security-focused scan only

```json
{
  "code_analysis": {
    "enabled": true,
    "features": {
      "sast_analysis": "enabled",
      "secrets_analysis": "enabled",
      "sca_analysis": "enabled",
      "iac_analysis": "enabled",
      "deadcode_analysis": "disabled",
      "duplicatecode_analysis": "disabled",
      "antipatterns_analysis": "disabled",
      "docstring_analysis": "disabled",
      "complex_function_analysis": "disabled"
    }
  }
}
```

#### Scan only the src/ directory

```json
{
  "file_filters": {
    "config": {
      "include_files": "src/**",
      "exclude_files": ""
    }
  }
}
```

#### Disable all analysis for a repository

```json
{
  "code_analysis": {
    "enabled": false
  }
}
```

### Best Practices

* **Version control your config**: Checking `.codeant/configuration.json` into the repository ensures the whole team shares the same analysis settings and changes are reviewed via pull requests.
* **Start with defaults**: Only override what you need. Omitted fields inherit from UI settings or defaults.
* **Use inline parameters for one-off overrides**: If you need a different scope for a specific CI run, pass `include_files` or `exclude_files` inline rather than modifying the repo config.
* **Keep file filters focused**: Prefer narrow `include_files` patterns over broad `exclude_files` to make intent clear.
