> ## Documentation Index > Fetch the complete documentation index at: https://docs.coderabbit.ai/llms.txt > Use this file to discover all available pages before exploring further. # Tools reference > Complete reference for all CodeRabbit supported tools and their configuration options, organized by category. This reference is automatically generated from the CodeRabbit tools schema. Last updated: 2026-05-10 CodeRabbit supports integration with **51 static analysis tools**, linters, and security scanners. Each tool can be configured individually within your `.coderabbit.yaml` file. Browse all supported tools Learn configuration basics ## Example configuration ```yaml .coderabbit.yaml theme={null} # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json reviews: tools: eslint: enabled: true gitleaks: enabled: true ``` ## All tools actionlint is a static checker for GitHub Actions workflow files. **Configuration options:** Enable actionlint | actionlint is a static checker for GitHub Actions workflow files. | v1.7.12 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: actionlint: enabled: true ``` Enable ast-grep | ast-grep is a code analysis tool that helps you to find patterns in your codebase using abstract syntax trees patterns. | v0.42.1 **Configuration options:** List of rules directories. Defaults to \`\`. List of utils directories. Defaults to \`\`. Use ast-grep essentials package. Defaults to `true`. Predefined packages to be used. Defaults to \`\`. **Example configuration:** ```yaml theme={null} reviews: tools: ast-grep: enabled: true ``` Biome is a fast formatter, linter, and analyzer for web projects. **Configuration options:** Enable Biome | Biome is a fast formatter, linter, and analyzer for web projects. | Enable Biome integration. | v2.4.14 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: biome: enabled: true ``` Blinter is a linter for Windows batch files that provides comprehensive static analysis to identify syntax errors, security vulnerabilities, performance issues, and style problems. **Configuration options:** Enable Blinter | Blinter is a linter for Windows batch files that provides comprehensive static analysis to identify syntax errors, security vulnerabilities, performance issues, and style problems. | v1.0.112 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: blinter: enabled: true ``` Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. | v8.0.3 **Configuration options:** Enable Brakeman | Brakeman is a static analysis security vulnerability scanner for Ruby on Rails applications. | v8.0.3 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: brakeman: enabled: true ``` Buf offers linting for Protobuf files. **Configuration options:** Enable Buf | Buf offers linting for Protobuf files. | v1.69.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: buf: enabled: true ``` checkmake is a linter for Makefiles. **Configuration options:** Enable checkmake | checkmake is a linter for Makefiles. | v0.3.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: checkmake: enabled: true ``` Checkov is a static code analysis tool for infrastructure-as-code files. **Configuration options:** Enable Checkov | Checkov is a static code analysis tool for infrastructure-as-code files. | v3.2.526 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: checkov: enabled: true ``` CircleCI tool is a static checker for CircleCI config files. **Configuration options:** Enable CircleCI | CircleCI tool is a static checker for CircleCI config files. | v0.1.36202 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: circleci: enabled: true ``` Configuration for Clang to perform static analysis on C and C++ code **Configuration options:** Enable Clang for C/C++ static analysis and code quality checks | v14.0.6 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: clang: enabled: true ``` Clippy is a collection of lints to catch common mistakes and improve your Rust code. **Configuration options:** Enable Clippy | Clippy is a collection of lints to catch common mistakes and improve your Rust code. | Enable Clippy integration. Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: clippy: enabled: true ``` Cppcheck is a static code analysis tool for the C and C++ programming languages. **Configuration options:** Enable Cppcheck | Cppcheck is a static code analysis tool for the C and C++ programming languages. | v2.20.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: cppcheck: enabled: true ``` Detekt is a static code analysis tool for Kotlin files. **Configuration options:** Enable detekt | detekt is a static code analysis tool for Kotlin files. | v1.23.8 Defaults to `true`. Optional path to the detekt configuration file relative to the repository. **Example configuration:** ```yaml theme={null} reviews: tools: detekt: enabled: true config_file: "detekt.yml" ``` dotenv-linter is a tool for checking and fixing .env files for problems and best practices **Configuration options:** Enable dotenv-linter | dotenv-linter is a tool for checking and fixing .env files for problems and best practices | v4.0.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: dotenvLint: enabled: true ``` ember-template-lint is a linter for Handlebars template files that checks for common issues such as accessibility violations, deprecated patterns, and template anti-patterns. **Configuration options:** Enable ember-template-lint | ember-template-lint is a linter for Handlebars template files that checks for common issues such as accessibility violations, deprecated patterns, and template anti-patterns. | v7.9.3 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: emberTemplateLint: enabled: true ``` ESLint is a static code analysis tool for JavaScript files. **Configuration options:** Enable ESLint | ESLint is a static code analysis tool for JavaScript files. Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: eslint: enabled: true ``` Flake8 is a Python linter that wraps PyFlakes, pycodestyle and Ned Batchelder's McCabe script. **Configuration options:** Enable Flake8 | Flake8 is a Python linter that wraps PyFlakes, pycodestyle and Ned Batchelder's McCabe script. | v7.3.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: flake8: enabled: true ``` Fortitude is a Fortran linter that checks for code quality and style issues. **Configuration options:** Enable Fortitude | Fortitude is a Fortran linter that checks for code quality and style issues | v0.8.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: fortitudeLint: enabled: true ``` GitHub Checks integration configuration. **Configuration options:** Enable GitHub Checks \| Enable integration, defaults to true \| Enable GitHub Checks integration. Defaults to `true`. Time in milliseconds to wait for all GitHub Checks to conclude. Default 90 seconds, max 15 minutes (900000ms). Defaults to `90000`. **Example configuration:** ```yaml theme={null} reviews: tools: github-checks: enabled: true ``` Betterleaks is a secret scanner (an improved version of Gitleaks). **Configuration options:** Enable Betterleaks | Betterleaks is a secret scanner (an improved version of Gitleaks). | Enable Betterleaks integration. | v1.1.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: gitleaks: enabled: true ``` golangci-lint is a fast linters runner for Go. **Configuration options:** Enable golangci-lint | golangci-lint is a fast linters runner for Go. | Enable golangci-lint integration. | v2.12.1 Defaults to `true`. Optional path to the golangci-lint configuration file relative to the repository. Useful when the configuration file is named differently than the default '.golangci.yml', '.golangci.yaml', '.golangci.toml', '.golangci.json'. **Example configuration:** ```yaml theme={null} reviews: tools: golangci-lint: enabled: true config_file: ".golangci.yml" ``` Hadolint is a Dockerfile linter. **Configuration options:** Enable Hadolint | Hadolint is a Dockerfile linter. | Enable Hadolint integration. | v2.14.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: hadolint: enabled: true ``` HTMLHint is a static code analysis tool for HTML files. **Configuration options:** Enable HTMLHint | HTMLHint is a static code analysis tool for HTML files. | Enable HTMLHint integration. | v1.9.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: htmlhint: enabled: true ``` LanguageTool is a style and grammar checker for 30+ languages. **Configuration options:** Enable LanguageTool | Enable LanguageTool integration. Defaults to `true`. IDs of rules to be enabled. The rule won't run unless 'level' is set to a level that activates the rule. Defaults to \`\`. IDs of rules to be disabled. Note: EN\_UNPAIRED\_BRACKETS, and EN\_UNPAIRED\_QUOTES are always disabled. Defaults to \`\`. IDs of categories to be enabled. Defaults to \`\`. IDs of categories to be disabled. Note: TYPOS, TYPOGRAPHY, and CASING are always disabled. Defaults to \`\`. Only the rules and categories whose IDs are specified with 'enabledRules' or 'enabledCategories' are enabled. Defaults to `false`. If set to 'picky', additional rules will be activated, i.e. rules that you might only find useful when checking formal text. One of: `default`, `picky` Defaults to `default`. **Example configuration:** ```yaml theme={null} reviews: tools: languagetool: enabled: true level: "default" ``` Configuration for Lua code linting to ensure code quality **Configuration options:** Enable Lua code linting | Luacheck helps maintain consistent and error-free Lua code | v1.2.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: luacheck: enabled: true ``` markdownlint-cli2 is a static analysis tool to enforce standards and consistency for Markdown files. **Configuration options:** Enable markdownlint | markdownlint-cli2 is a static analysis tool to enforce standards and consistency for Markdown files. | Enable markdownlint integration. | v0.22.1 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: markdownlint: enabled: true ``` OpenGrep is a high-performance static code analysis engine, compatible with Semgrep configurations. **Configuration options:** Enable OpenGrep | OpenGrep is a high-performance static code analysis engine for finding security vulnerabilities and bugs across 17+ languages. | v1.20.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: opengrep: enabled: true ``` OSV Scanner is a tool for vulnerability package scanning. **Configuration options:** Enable OSV Scanner | OSV Scanner is a tool for vulnerability package scanning | v2.3.6 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: osvScanner: enabled: true ``` Oxlint is a JavaScript/TypeScript linter for OXC written in Rust. **Configuration options:** Enable Oxlint | Oxlint is a JavaScript/TypeScript linter for OXC written in Rust. | v1.62.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: oxc: enabled: true ``` PHP CodeSniffer is a PHP linter and coding standard checker. **Configuration options:** Enable PHP CodeSniffer | PHP CodeSniffer is a PHP linter and coding standard checker. | v3.7.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: phpcs: enabled: true ``` PHPMD is a tool to find potential problems in PHP code. **Configuration options:** Enable PHPMD | PHPMD is a tool to find potential problems in PHP code. | v2.15.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: phpmd: enabled: true ``` PHPStan is a tool to analyze PHP code. **Configuration options:** Enable PHPStan | PHPStan requires [config file](https://phpstan.org/config-reference#config-file) in your repository root. Please ensure that this file contains the `paths:` parameter. | v2.1.54 Defaults to `true`. Level | Specify the [rule level](https://phpstan.org/user-guide/rule-levels) to run. When set to `default`, the level is determined by the review profile: `chill` uses level 3 (real bugs only — return/property type mismatches, array offset errors) and `assertive` uses level 8 (adds dead code detection, argument type checking, null safety, and typehint checks). This setting is ignored if your configuration file already has a `level:` parameter. One of: `default`, `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9`, `max` Defaults to `default`. **Example configuration:** ```yaml theme={null} reviews: tools: phpstan: enabled: true level: "default" ``` PMD is an extensible multilanguage static code analyzer. It’s mainly concerned with Java. **Configuration options:** Enable PMD | PMD is an extensible multilanguage static code analyzer. It’s mainly concerned with Java. | v7.24.0 Defaults to `true`. Optional path to the PMD configuration file relative to the repository. **Example configuration:** ```yaml theme={null} reviews: tools: pmd: enabled: true config_file: "ruleset.xml" ``` Microsoft Presidio Analyzer 2.2.362 detects sensitive identifiers (including payment cards, US SSN, cryptocurrency wallets, and phone numbers) in changed files. Tune entities, thresholds, and languages in repository Presidio configuration (for example .presidiocli or AnalyzerEngineProvider YAML); the built-in scan uses fixed defaults and is skipped when that configuration is present. **Configuration options:** Enable Microsoft Presidio Analyzer for high-signal PII in changed files | v2.2.362 Defaults to `false`. **Example configuration:** ```yaml theme={null} reviews: tools: presidio: enabled: true ``` Configuration for Prisma Schema linting to ensure schema file quality **Configuration options:** Enable Prisma Schema linting | Prisma Schema linting helps maintain consistent and error-free schema files | v0.13.1 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: prismaLint: enabled: true ``` PSScriptAnalyzer is a static code checker for PowerShell scripts and modules. **Configuration options:** Enable PSScriptAnalyzer | PSScriptAnalyzer is a static code checker for PowerShell scripts and modules. | v1.25.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: psscriptanalyzer: enabled: true ``` Pylint is a Python static code analysis tool. **Configuration options:** Enable Pylint | Pylint is a Python static code analysis tool. | v4.0.5 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: pylint: enabled: true ``` Regal is a linter and language server for Rego. **Configuration options:** Enable Regal | Regal is a linter and language server for Rego. | v0.40.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: regal: enabled: true ``` RuboCop is a Ruby static code analyzer (a.k.a. linter ) and code formatter. **Configuration options:** Enable RuboCop | RuboCop is a Ruby static code analyzer (a.k.a. linter ) and code formatter. | v1.86.1 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: rubocop: enabled: true ``` Ruff is a Python linter and code formatter. **Configuration options:** Enable Ruff | Ruff is a Python linter and code formatter. | Enable Ruff integration. | v0.15.12 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: ruff: enabled: true ``` Semgrep is a static analysis tool designed to scan code for security vulnerabilities and code quality issues. **Configuration options:** Enable Semgrep | Semgrep is a static analysis tool designed to scan code for security vulnerabilities and code quality issues. | Enable Semgrep integration. | v1.161.0 Defaults to `true`. Optional path to the Semgrep configuration file relative to the repository. **Example configuration:** ```yaml theme={null} reviews: tools: semgrep: enabled: true config_file: ".semgrep.yml" ``` ShellCheck is a static analysis tool that finds bugs in your shell scripts. **Configuration options:** Enable ShellCheck | ShellCheck is a static analysis tool that finds bugs in your shell. | Enable ShellCheck integration. | v0.11.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: shellcheck: enabled: true ``` Configuration for Shopify Theme Check to ensure theme quality and best practices **Configuration options:** Enable Shopify Theme Check | A linter for Shopify themes that helps you follow Shopify theme & Liquid best practices | cli 3.90.0 | theme 3.58.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: shopifyThemeCheck: enabled: true ``` smarty-lint is a linter for Smarty 3 template files that checks for common issues such as incorrect operator usage, naming conventions, empty blocks, and unquoted strings. **Configuration options:** Enable smarty-lint | smarty-lint is a linter for Smarty 3 template files that checks for common issues such as incorrect operator usage, naming conventions, empty blocks, and unquoted strings. | v0.3.3 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: smartyLint: enabled: true ``` SQLFluff is an open source, dialect-flexible and configurable SQL linter. **Configuration options:** Enable SQLFluff | SQLFluff is an open source, dialect-flexible and configurable SQL linter. | v4.1.0 Defaults to `true`. Optional path to the SQLFluff configuration file relative to the repository. Use this when the config file is not named one of SQLFluff's default filenames. **Example configuration:** ```yaml theme={null} reviews: tools: sqlfluff: enabled: true config_file: "custom/.sqlfluff" ``` Stylelint is a linter for stylesheets (CSS, SCSS, Sass, Less, SugarSS, Stylus) that helps avoid errors and enforce conventions. **Configuration options:** Enable Stylelint | Stylelint is a linter for stylesheets (CSS, SCSS, Sass, Less, SugarSS, Stylus) that helps avoid errors and enforce conventions. | Enable Stylelint integration. | v17.10.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: stylelint: enabled: true ``` SwiftLint integration configuration object. **Configuration options:** Enable SwiftLint | SwiftLint is a Swift linter. | Enable SwiftLint integration. | v0.63.2 Defaults to `true`. Optional path to the SwiftLint configuration file relative to the repository. This is useful when the configuration file is named differently than the default '.swiftlint.yml' or '.swiftlint.yaml'. **Example configuration:** ```yaml theme={null} reviews: tools: swiftlint: enabled: true config_file: ".swiftlint.yml" ``` TFLint is a Terraform linter for finding potential errors and enforcing best practices. **Configuration options:** Enable TFLint | TFLint is a Terraform linter for finding potential errors. | v0.62.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: tflint: enabled: true ``` Trivy is a comprehensive security scanner that detects misconfigurations and secrets in Infrastructure as Code files **Configuration options:** Enable Trivy for security scanning of IaC files (Terraform, Kubernetes, Docker, etc.) | v0.69.3 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: trivy: enabled: true ``` TruffleHog is a secret scanner with verification capabilities that can detect and verify secrets in code. **Configuration options:** Enable TruffleHog | TruffleHog is a secret scanner with verification capabilities. | Enable TruffleHog integration. | v3.95.2 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: trufflehog: enabled: true ``` YAMLlint is a linter for YAML files. **Configuration options:** Enable YAMLlint | YAMLlint is a linter for YAML files. | Enable YAMLlint integration. | v1.38.0 Defaults to `true`. **Example configuration:** ```yaml theme={null} reviews: tools: yamllint: enabled: true ``` ## Related resources Complete configuration guide Control reviews with commands