Analysis Configuration

Qlty’s static analysis is highly configurable to maximize the relevancy of your results. Project configuration is through a qlty.toml file which is committed into your Git repository as .qlty/qlty.toml.

If you have the Qlty CLI installed, you can generate an initial configuration by running qlty init. This will look at the file types and configuration files in your repository to generate a baseline configuration.

$
qlty init

Alternatively, you can write your .qlty/qlty.toml file by hand. Here is a minimal starting point that you can check in:

1
config_version = "0"
2
3
exclude_patterns = ["**/node_modules/**"]
4
test_patterns = ["**/test/**"]
5
6
[sources.default]
7
repository = "https://github.com/qltysh/qlty.git"
8
branch = "main"

This configuration will analyze all supported languages for maintainability using the default thresholds.

Excluding files and paths

Qlty is Git-aware and honors .gitignore files. Additional exclude patterns can be specified using glob syntax:

1
# ...
2
exclude_patterns = [
3
    "path/to/file.py",  # Ignore a specific file
4
    "**/generated/**",  # Ignore generated files
5
    "**/*.css"          # Ignore all CSS files
6
]
7
# ...

Maintainability checks and thresholds

Qlty evaluates code maintainability using a set of static analysis checks implemented for all supported programming languages.

These checks have reasonable defaults, and can be customized further. For example:

1
# Disable the "too many return statements" check
2
[smells.return_statements]
3
enabled = false
4
5
# Allow functions with 6 params (all languages)
6
[smells.function_parameters]
7
threshold = 6
8
9
# For Python, allow 7 params
10
[language.python.checks]
11
function_parameters.threshold = 7

Linting and SAST plugins

Plugins extend Qlty with thousands of checks from linters and security scanning tools. Plugin definitions are stored in a Git repository called a Source.

Qlty provides a default source which should be included in your .qlty/qlty.toml as follows. (This is automatically generated if you used qlty init.)

1
# ...
2
3
[sources.default]
4
repository = "https://github.com/qltysh/qlty.git"
5
branch = "main"
6
7
# ...

With your Source specified, you can list available plugins:

$
qlty plugins list

Then, you can activate any available plugin as follows.

$
qlty plugins enable rubocop

Plugin configurations

When running Qlty, plugins are configured using their own analysis configuration files (e.g. .eslintrc).

Plugin configuration files can be stored in the .qlty/configs/ directory in order to keep the root of the repository tidy. Qlty will automatically move them to the correct location when it runs analysis.

Check modes

Qlty’s maintinability analysis, linters, and security scanning plugins run Checks which emit findings called Issues.

By configuring the Mode, you keep developer workflows streamlined while preserving issues for later review. Qlty Cloud uses the Mode to determine the behavior for handling issues.

The Mode can be configured at a Plugin level to one of four options:

1
[[plugin]]
2
name = "osv-scanner"
3
mode = "monitor"

Complete example

1
config_version = "0"
2
3
exclude_patterns = ["**/fixtures/**", "**/generated/**", "*.css"]
4
5
# Code maintainability (structure and duplication) issues
6
# are posted as comments but do not fail Quality Gates
7
[checks]
8
mode = "comment"
9
10
[sources.default]
11
repository = "https://github.com/qltysh/qlty.git"
12
branch = "main"
13
14
[[plugin]]
15
name = "rubocop"
16
version = "1.64.1"
17
18
[[plugin]]
19
name = "hadolint"
20
21
[[plugin]]
22
name = "shellcheck"
23
24
[[plugin]]
25
name = "osv-scanner"
26
mode = "monitor"

More information

• Available Plugins
• Supported Languages
• Project Configuration (qlty.toml) reference