Configuration Reference

Configure CodeDig behavior with a .codedig.yml file in your repository root.

Overview

The .codedig.yml file controls PR gate thresholds, ignore paths, required security checks, comment rendering, security scanning levels, and analysis settings. All fields are optional and have sensible defaults.

Place the file at the root of your repository. CodeDig reads it on every analysis run.

Full Example

# .codedig.yml - CodeDig Configuration
version: 1

pr_gate:
  # Risk thresholds
  thresholds:
    warning: 50    # Risk score that triggers warning (default: 50)
    failure: 80    # Risk score that blocks merge (default: 80)

  # Paths to ignore in analysis
  ignore:
    - "*.md"
    - "docs/**"
    - "*.test.*"
    - ".github/**"

  # Required checks - block merge if these are detected
  required_checks:
    - no_pii_exposure
    - no_sql_injection
    - test_coverage_minimum: 60

  # PR comment settings
  comment:
    enabled: true
    collapse_details: true  # Collapse detailed findings by default
    show_recommendations: true

security:
  # Security scanning level
  level: full  # basic or full

  # Custom ignore patterns for false positives
  ignore_patterns:
    - "test_data/**"
    - "fixtures/**"

analysis:
  # Languages to analyze (auto-detected if not specified)
  languages:
    - typescript
    - python

  # Max file size to analyze (KB)
  max_file_size: 500

pr_gate

Controls PR gate behavior: when to warn, when to block, what to ignore, and how to render the PR comment.

thresholds

warning (integer, default: 50)
Risk score at which the gate status becomes Warning. PRs with a score at or above this value (but below failure) will be flagged but not blocked.
failure (integer, default: 80)
Risk score at which the gate status becomes Fail. PRs at or above this score are blocked from merging.

ignore

ignore (list of glob patterns, default: [])
Files matching any of these patterns are excluded from analysis. Useful for docs, tests, generated files, and CI configuration. Glob syntax follows standard rules (* matches within a directory, ** matches across directories).

required_checks

required_checks (list, default: [])

Checks that must pass for the gate to succeed. Two formats are supported:

  • Simple string: no_pii_exposure
  • With parameter: test_coverage_minimum: 60

Built-in checks: no_pii_exposure, no_sql_injection, no_hardcoded_secrets, test_coverage_minimum.

comment

enabled (boolean, default: true)
Whether CodeDig posts a comment on the PR with analysis results.
collapse_details (boolean, default: true)
If true, detailed findings are collapsed by default in the PR comment (using HTML details/summary).
show_recommendations (boolean, default: true)
If true, remediation recommendations are included in each finding.

security

Controls the depth and scope of security scanning.

level (string, default: basic)

Scanning depth. basic runs fast pattern-based checks. full adds dataflow analysis and dependency vulnerability scanning.

ignore_patterns (list of glob patterns, default: [])
Files matching these patterns are excluded from security scanning. Useful for suppressing false positives in test fixtures and sample data.

analysis

General analysis settings.

languages (list of strings, default: [] (auto-detect))
Restrict analysis to specific languages. If empty, CodeDig auto-detects languages from file extensions. Supported values: typescript, javascript, python, rust, go, java, csharp.
max_file_size (integer, KB, default: 500)
Maximum file size in kilobytes. Files larger than this are skipped during analysis.
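The rules above (defaults, the two required_checks formats, the * versus ** glob distinction, and the warning/failure thresholds) can be checked before a config ships. The following is an added example written for this page, not CodeDig's own loader. It assumes the file has already been parsed into a dict by a YAML loader such as PyYAML's safe_load, and it assumes (as .gitignore does) that a pattern without a slash is matched against the file name only.

```python
import re

DEFAULTS = {  # defaults exactly as the reference states them
    "pr_gate": {"thresholds": {"warning": 50, "failure": 80}, "ignore": [],
                "required_checks": [], "comment": {"enabled": True,
                "collapse_details": True, "show_recommendations": True}},
    "security": {"level": "basic", "ignore_patterns": []},
    "analysis": {"languages": [], "max_file_size": 500},
}
BUILTIN_CHECKS = {"no_pii_exposure", "no_sql_injection",
                  "no_hardcoded_secrets", "test_coverage_minimum"}

def _merge(defaults, overrides):
    # Overlay user values on the defaults; nested dicts merge key by key
    out = dict(defaults)
    for k, v in (overrides or {}).items():
        out[k] = _merge(defaults[k], v) if isinstance(defaults.get(k), dict) else v
    return out

def load_config(raw):
    """Apply defaults to a parsed .codedig.yml and reject values the reference disallows."""
    cfg = _merge(DEFAULTS, raw)
    th = cfg["pr_gate"]["thresholds"]
    if not 0 <= th["warning"] <= th["failure"]:
        raise ValueError("warning threshold must not exceed failure threshold")
    if cfg["security"]["level"] not in ("basic", "full"):
        raise ValueError("security.level must be 'basic' or 'full'")
    checks = []
    for item in cfg["pr_gate"]["required_checks"]:
        # "no_pii_exposure" -> (name, None); {"test_coverage_minimum": 60} -> (name, 60)
        name, param = (item, None) if isinstance(item, str) else next(iter(item.items()))
        if name not in BUILTIN_CHECKS:
            raise ValueError(f"unknown required check: {name}")
        checks.append((name, param))
    cfg["pr_gate"]["required_checks"] = checks
    return cfg

def is_ignored(path, patterns):
    """Glob rule from the reference: '*' stays inside one path segment, '**' crosses them."""
    for pat in patterns:
        target = path if "/" in pat else path.rsplit("/", 1)[-1]  # assumption: basename match
        rx = re.escape(pat).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
        if re.fullmatch(rx, target):
            return True
    return False

def gate_status(score, thresholds):
    """Gate outcome for a risk score: 'pass', 'warning' (>= warning) or 'fail' (>= failure)."""
    if score >= thresholds["failure"]:
        return "fail"
    return "warning" if score >= thresholds["warning"] else "pass"
```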

Common Examples

Minimal (just raise failure threshold)

# Minimal .codedig.yml - all defaults apply
version: 1

pr_gate:
  thresholds:
    failure: 90

Strict security repo

# Strict configuration for high-security repos
version: 1

pr_gate:
  thresholds:
    warning: 30
    failure: 60
  required_checks:
    - no_pii_exposure
    - no_sql_injection
    - no_hardcoded_secrets
    - test_coverage_minimum: 80
  comment:
    enabled: true
    collapse_details: false
    show_recommendations: true

security:
  level: full

Monorepo with broad ignores

# Monorepo configuration with broad ignores
version: 1

pr_gate:
  ignore:
    - "*.md"
    - "docs/**"
    - "*.test.*"
    - "*.spec.*"
    - ".github/**"
    - "scripts/**"
    - "*.config.*"

analysis:
  languages:
    - typescript
    - python
    - rust
  max_file_size: 1000