# Static Code Analysis

We use the following static code analysis tools:

* `golangci-lint` and `eslint` for compile time linting
* [codecov.io](https://codecov.io/gh/argoproj/argo-cd) - for code coverage
* [snyk.io](https://app.snyk.io/org/argoproj/projects) - for image scanning
* [sonarcloud.io](https://sonarcloud.io/organizations/argoproj/projects) - for code scans and security alerts

These are at least run daily or on each pull request.