Static Analysis Rules

Code Analysis is not available for the site.

Try the Beta!

Code Analysis is in public beta.

Overview

Datadog Static Analysis provides out-of-the-box rules to help detect violations in your CI/CD pipelines in code reviews and identify bugs, security, and maintainability issues. For more information, see the Setup documentation.

Ruleset ID: csharp-best-practices Rules to enforce C# best practices.
avoid-call-gc-suppress-finalize
>
no-empty-finalizer
>
finalizer-no-exception
>
avoid-formattablestring
>
no-nested-ternary
>
avoid-notimplementedexception
>
sealed-class-protected-members
>
redundant-modifiers
>
no-sleep-in-tests
>
avoid-gc-collect
>
dispose-objects-once
>
comparison-nan
>
no-exception-special-methods
>
use-specific-exceptions
>
avoid-non-existing-operators
>
objects-ensure-use
>
exception-must-be-thrown
>
catch-nullreference
>
no-empty-default
>
tostring-not-return-null
>
use-assembly-load
>
Ruleset ID: csharp-code-style Rules to enforce C# code style.
short-class-name
>
short-method-name
>
class-naming-conventions
>
variable-naming-conventions
>
interface-first-letter
>
Ruleset ID: csharp-inclusive Rules to make your C# code more inclusive.
Ruleset ID: csharp-security Rules focused on finding security issues in your C# code.
Ruleset ID: github-actions Rules to check your GitHub Actions and detect unsafe patterns, such as permissions or version pinning.
Ruleset ID: go-best-practices Rules to make writing Go code faster and easier. From code style to preventing bugs, this ruleset helps developers writing performant, maintainable, and efficient Go code.
avoid-bare-return
>
time-parse-format
>
avoid-empty-critical-sections
>
valid-regular-expression
>
manual-string-trimming
>
negative-zero
>
redundant-nil-check
>
loop-regexp-match
>
superfluous-else
>
useless-bitwise-operation
>
bad-nil-guard
>
invalid-host-port-pair
>
merge-declaration-assignment
>
comparing-address-nil
>
comparison-true
>
defer-lock
>
redefine-builtin-id
>
redundant-negation
>
math-pow-expansion
>
inefficient-string-comparison
>
invalid-seek-value
>
do-not-compare-nan
>
omit-default-slice-index
>
redundant-type-var-declaration
>
compare-identical
>
unnecessary-blank-identifier
>
mod-one-always-zero
>
simplify-boolean-expression
>
simplify-pointer-operation
>
Ruleset ID: go-security Detect common security issues (such as SQL injection, XSS, or shell injection) in your Go codebase.
command-injection
>
unescape-template-data-js
>
grpc-client-insecure
>
grpc-server-insecure
>
avoid-rat-setstring
>
import-cgi
>
tls-skip-verify
>
http-request-secure
>
chmod-permissions
>
decompression-bomb
>
range-memory-aliasing
>
cookie-secure
>
session-secure
>
unsafe-reflection
>
Ruleset ID: java-best-practices Rules to enforce Java best practices.
avoid-calendar-creation
>
avoid-string-instantiation
>
avoid-reassigning-parameters
>
redundant-initializer
>
avoid-printstacktrace
>
default-label-not-last-in-switch
>
add-empty-string
>
return-internal-array
>
avoid-reassigning-catch-vars
>
while-loop-with-literal-boolean
>
preserve-stack-trace
>
replace-vector-with-list
>
array-is-stored-directly
>
replace-hashtable-with-map
>
missing-switch-statement-default
>
simplify-test-assertions-boolean
>
Ruleset ID: java-code-style Rules to enforce Java code style.
Ruleset ID: java-inclusive Rules for Java to avoid inappropriate wording in the code and comments.
Ruleset ID: java-security Rules focused on finding security issues in Java code.
keygenerator-avoid-des
>
ldap-injection
>
sql-string-tainted
>
avoid-null-cipher
>
sql-injection
>
json-unsafe-deserialization
>
spring-request-file-tainted
>
bad-hexa-concatenation
>
cookies-http-only
>
spring-csrf-disable
>
message-digest-custom
>
no-des-cipher
>
unvalidated-redirect
>
aes-ecb-insecure
>
cipher-padding-oracle
>
trust-boundaries
>
ignore-saml-comment
>
algorithm-no-hardcoded-secret
>
path-traversal-file-read
>
command-injection
>
object-deserialization
>
http-parameter-pollution
>
ldap-entry-poisoning
>
path-traversal
>
tainted-url-host
>
xss-protection
>
weak-message-digest-sha1
>
smtp-insecure-connection
>
spring-csrf-requestmapping
>
sql-injection-turbine
>
sql-injection-hibernate
>
potential-sql-injection
>
unencrypted-socket
>
Ruleset ID: javascript-best-practices Rules to enforce JavaScript best practices.
no-duplicate-case
>
no-dupe-class-members
>
no-unused-expressions
>
Ruleset ID: javascript-browser-security Rules focused on finding security issues in your JavaScript web applications.
event-check-origin
>
react-dangerously-inner-html
>
local-storage-sensitive-data
>
postmessage-permissive-origin
>
Ruleset ID: javascript-common-security Rules focused on finding security issues in your JavaScript code.
axios-avoid-insecure-http
>
xml-no-external-entities
>
unique-function-arguments
>
Ruleset ID: javascript-inclusive Rules for JavaScript to avoid inappropriate wording in the code and comments.
Ruleset ID: javascript-node-security Rules to identify potential security hotspots in Node. This may include false positives that require further triage.