Note
GitHub Code Quality is currently in public preview and subject to change. During public preview, Code Quality will not be billed, although Code Quality scans will consume GitHub Actions minutes.
This article provides definitions for the metrics and ratings used by Code Quality.
You can see the rule-based results for your repository on your Security and quality tab, in the Standard findings tab under " Code quality".
Metric definitions
The following table provides definitions for each metric that is reported for your repository.
| Metric | Definition | Example findings |
|---|---|---|
| Reliability | Assess whether the code performs its intended function correctly, predictably, and consistently. Reliable code is free from bugs, handles errors safely, and operates as expected under normal and edge-case conditions. | Issues with performance, concurrency, error handling, correctness, API design, accessibility, internationalization, or security |
| Maintainability | Assess how easy it is to understand, modify, and extend the code over time. Maintainable code follows best practices, avoids unnecessary complexity, and is organized for ease of future changes and collaboration. | Not using best practices, unused/dead code, duplicate code, complexity, logical redundancies, inadequate documentation, dependency issues |
Severity levels
Severity levels are used to indicate the potential impact or urgency of a code quality finding. They help users prioritize remediation efforts and communicate risks to stakeholders. Severity is determined by the rule that detected the issue, following conventions from CodeQL and industry standards.
| Severity | Definition |
|---|---|
| Error | Indicates a high-severity issue that is likely to cause bugs, failures, or major maintainability risks. |
| Warning | Indicates a moderate-severity issue that may impact code quality or reliability, but is not immediately critical. |
| Note | Indicates a low-severity issue, minor improvement, or recommendation. These findings are useful for ongoing code health and maintainability. |
Ratings definitions
These ratings are used to summarize the overall reliability and maintainability of a repository based on the severity of rule-based results found by CodeQL scans of the full default branch:
| Rating | Definition | Criteria (based on findings) |
|---|---|---|
| Excellent | Codebase demonstrates best practices for reliability and maintainability. | No code quality findings detected |
| Good | Codebase has low-severity issues or minor improvements are suggested. | ≥1 "Note" level finding |
| Fair | Codebase has moderate-severity issues that may impact quality, but are not critical. | ≥1 "Warning" level finding |
| Needs Improvement | Codebase has high-severity issues, including bugs or major maintainability risks. | ≥1 "Error" level finding |
Code coverage
Code coverage measures what percentage of your source code is executed when your test suite runs. Code Quality displays a coverage percentage on pull requests after you upload a Cobertura XML coverage report.
How coverage is calculated
The coverage percentage represents the number of lines covered by tests divided by the total number of lines, expressed as a percentage. Code Quality stores the latest upload for each branch (including the default branch) and compares the PR branch coverage to the default branch coverage.
For example, if your default branch has 44% coverage and your PR branch has 65% coverage, the PR gained 21 percentage points of coverage.
Per-file delta
The per-file breakdown on pull requests shows how coverage changed for each modified file. A positive delta means the file gained coverage on the PR branch compared to the default branch.
To set up code coverage for your repository, see Setting up code coverage for your repository.