Cloud Providers

Cloud providers connect to their APIs using your token and read data already collected by your CI/CD pipeline. No additional scans are triggered — the extension only fetches and displays existing results.

Requires at least one push

Most cloud services need at least one git push to your repository before they have data to show. If you haven’t pushed yet or CI hasn’t run, the check returns “No data available.”

Configuration Pattern

All cloud providers follow the same pattern:

"devManager.quality.<provider>.enabled": true,
"devManager.quality.<provider>.token": "your-token-here",
"devManager.quality.<provider>.<extra-key>": "value"

---

SonarCloud

What it checks: Bugs, code smells, security hotspots, duplications, test coverage gate, technical debt.

Cost: Free for public repos. Paid for private.

"devManager.quality.sonarcloud.enabled": true,
"devManager.quality.sonarcloud.token": "sqp_xxxxxxxxxxxx",
"devManager.quality.sonarcloud.org": "my-github-org",
"devManager.quality.sonarcloud.projectKey": "my-github-org_my-repo"

Get a token at sonarcloud.io → My Account → Security.

---

Snyk

What it checks: Dependency CVEs, license violations, code security issues, container image vulnerabilities.

Cost: Free tier (limited scans). Paid for unlimited.

"devManager.quality.snyk.enabled": true,
"devManager.quality.snyk.token": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"devManager.quality.snyk.orgId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

Get tokens at app.snyk.io → Settings → API token.

---

Codecov

What it checks: Test coverage %, line/branch/function coverage, coverage delta on PRs, coverage trends over time.

Cost: Free for public repos.

"devManager.quality.codecov.enabled": true,
"devManager.quality.codecov.token": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"devManager.quality.codecov.owner": "my-github-org",
"devManager.quality.codecov.repo": "my-repo"

Get a token at codecov.io → Settings → Repository Upload Token.

---

CodeQL

What it checks: Deep semantic vulnerability analysis — finds security issues that surface-level tools miss (SQL injection, path traversal, XSS, etc.).

Cost: Free via GitHub — uses GitHub’s built-in code scanning.

Requires: GitHub Actions workflow with CodeQL analysis (auto-detected from .github/workflows/). No extra token — uses your existing GitHub auth (gh auth login).

"devManager.quality.codeql.enabled": true

---

Codacy

What it checks: Automated code review — complexity, duplication, code style, security patterns, coverage integration.

Cost: Free for public repos.

"devManager.quality.codacy.enabled": true,
"devManager.quality.codacy.token": "xxxxxxxxxxxxxxxxxxxx"

Get a token at app.codacy.com → Account → API Tokens.

---

CodeClimate

What it checks: Maintainability score (A–F), technical debt estimate, test coverage, code duplication.

Cost: Free for public repos.

"devManager.quality.codeclimate.enabled": true,
"devManager.quality.codeclimate.token": "xxxxxxxxxxxxxxxxxxxx"

Get a token at codeclimate.com → Account Settings → API Access Tokens.

---

Coveralls

What it checks: Test coverage trends over time, per-file coverage breakdown, coverage badge.

Cost: Free for public repos.

"devManager.quality.coveralls.enabled": true,
"devManager.quality.coveralls.token": "xxxxxxxxxxxxxxxxxxxx"

---

DeepSource

What it checks: Automatically detects and can auto-fix issues across 30+ languages — performance, correctness, security, anti-patterns.

Cost: Free for public repos.

"devManager.quality.deepsource.enabled": true,
"devManager.quality.deepsource.token": "xxxxxxxxxxxxxxxxxxxx"

Get a token at app.deepsource.com → Settings → API tokens.

---

CodeAnt AI

What it checks: Anti-patterns, code smells, code health trends, refactoring suggestions.

Cost: Free tier available.

"devManager.quality.codeant.enabled": true,
"devManager.quality.codeant.token": "xxxxxxxxxxxxxxxxxxxx"

---

Aikido Security

What it checks: SAST, SCA (dependency vulnerabilities), IaC security, secret detection, malicious dependency detection.

Cost: Free tier available.

"devManager.quality.aikido.enabled": true,
"devManager.quality.aikido.token": "xxxxxxxxxxxxxxxxxxxx"

---

CodeRabbit

What it checks: AI-powered PR review with line-level comments, code improvement suggestions, summary of changes.

Cost: Free tier available.

"devManager.quality.coderabbit.enabled": true,
"devManager.quality.coderabbit.token": "xxxxxxxxxxxxxxxxxxxx"

---

Greptile

What it checks: AI-powered codebase understanding — answers questions about your code, finds relevant files, explains architecture.

Cost: Paid.

"devManager.quality.greptile.enabled": true,
"devManager.quality.greptile.token": "xxxxxxxxxxxxxxxxxxxx"

---

Cubic

What it checks: Code metrics dashboard — complexity, coupling, cohesion, size trends over commits.

Cost: Free tier available.

"devManager.quality.cubic.enabled": true,
"devManager.quality.cubic.token": "xxxxxxxxxxxxxxxxxxxx"

---

Qodo

What it checks: AI test generation and coverage improvement suggestions — finds gaps in your test suite.

Cost: Free tier available.

"devManager.quality.qodo.enabled": true,
"devManager.quality.qodo.token": "xxxxxxxxxxxxxxxxxxxx"

---

Qlty

What it checks: Unified quality platform — issues, coverage, duplication, trends. Aggregates data from multiple sources.

Cost: Free tier available.

"devManager.quality.qlty.enabled": true,
"devManager.quality.qlty.token": "xxxxxxxxxxxxxxxxxxxx"

---

All Cloud Providers at a Glance

Provider	Focus	Free for public?
SonarCloud	Bugs, smells, security	✅
Snyk	CVE, licenses, security	✅ (limited)
Codecov	Coverage trends	✅
CodeQL	Deep semantic SAST	✅ (GitHub)
Codacy	Automated review	✅
CodeClimate	Maintainability	✅
Coveralls	Coverage tracking	✅
DeepSource	Auto-fix, 30+ langs	✅
CodeAnt AI	Anti-patterns	Free tier
Aikido	SAST + SCA + IaC	Free tier
CodeRabbit	AI PR review	Free tier
Greptile	AI codebase Q&A	Paid
Cubic	Metrics dashboard	Free tier
Qodo	AI test generation	Free tier
Qlty	Unified platform	Free tier