Skip to main content
This is a list of the third-party open-source linters and security analysis tools that CodeRabbit uses to generate code reviews. For more information about fine-tuning the CodeRabbit configuration of a tool, click that tool’s name in the following list. For an overview of how CodeRabbit uses these tools when generating code reviews, as well as general information about controlling their use, see Configure third-party tools.

​
Multipurpose tools

These tools run on many or all file types in your repository. They identify general bugs and security risks, including pattern-based and semantic code analysis, secret exposure, insecure dependencies, misconfigured infrastructure-as-code, and causes of failing CI/CD pipelines.
ToolCategory
ast-grep, OpenGrep, SemgrepCode Quality, Code Security
BetterleaksSecret Scanning
OSV-ScannerPackage Version Security
CI/CD Pipeline AnalysisCI/CD Generic User Configured
Checkov, TrivyIaC Code Security
TruffleHogSecret Scanning

​
Tools by technology

The following tools are automatically selected and run based on the specific languages, file types, or frameworks detected in your repositories. CodeRabbit determines which tools to run depending on the contents of your codebase, recent changes, or the presence of relevant configuration files. Pipeline tools will only trigger based on platform or configured CircleCI integration.
TechnologyToolsCategory
AstroBiome, oxlint, ESLintCode Quality
Azure ARMCheckov, TrivyCode Security
Azure DevOps PipelinesCI/CD Pipeline AnalysisCI/CD Pipeline Analysis
CircleCICircleCIConfiguration Validation
CloudFormationCheckov, TrivyCode Security
CppcheckCppcheckCode Quality
ClangClang-TidyCode Quality
CSSBiome, Stylelint, ESLintCode Quality
DockerHadolint, Checkov, TrivyCode Quality, Code Security
Docker ComposeCheckov, TrivyCode Security
Environment Files (.env)Dotenv LinterCode Quality
FortranFortitudeCode Quality
GraphQLESLintCode Quality
GitHub ActionsactionlintCode Quality, CI/CD Pipeline Analysis
GitLab PipelinesCI/CD Pipeline AnalysisCI/CD Pipeline Analysis
Gogolangci-lintCode Quality
HelmCheckov, TrivyCode Security
HTMLHTMLHintCode Quality
JavascriptBiome, oxlint, ESLintCode Quality
JSON, JSONCBiome, CheckovCode Quality
JSXBiome, oxlint, ESLintCode Quality
KotlindetektCode Quality
KubernetesCheckov, TrivyCode Security
LessStylelintCode Quality
LuaLuacheckCode Quality
MakefileCheckmakeCode Quality
Markdownmarkdownlint, LanguageToolCode Quality, Grammar Checking
PHPPHPStan, PHPMD, PHPCSCode Quality
PlaintextLanguageToolGrammar and Spell Checking
JavaPMDCode Quality
ProtobufBufCode Quality
PythonRuff, Pylint, Flake8Code Quality
Jupyter NotebooksRuff, Pylint, Flake8Code Quality
RegalRegalCode Quality
PowerShellPSScriptAnalyzerCode Quality
RubyRuboCop, BrakemanCode Quality, Code Security
RustClippyCode Quality
SassStylelintCode Quality
Shell (sh, bash, ksh, dash)ShellCheckCode Quality
Smartysmarty-lintCode Quality
Windows Batch Files (bat, cmd)BlinterCode Quality
ShopifyShopify CLICode Quality
SQLSQLFluffCode Quality
SCSSStylelintCode Quality
StylusStylelintCode Quality
SugarSSStylelintCode Quality
SvelteBiome, oxlint, ESLintCode Quality
SwiftSwiftLintCode Quality
TerraformTFLint, Checkov, TrivyCode Quality, Code Security
TSXBiome, oxlint, ESLintCode Quality
TypescriptBiome, oxlint, ESLintCode Quality
VueBiome, oxlint, ESLintCode Quality
YAMLYAMLlint, CheckovCode Quality, Code Security
PrismaPrisma LintCode Quality