Code Quality Checks

Catch the code problems that slow your team down

Pragma Core scans your codebase for maintainability issues alongside security vulnerabilities. Dead code, duplicated logic, complexity hotspots, and anti-patterns get flagged automatically, so your team can fix them before they compound into larger problems.

Start checking code quality View all features
How it works

Quality checks built into your existing scan workflow

Code quality analysis runs as part of every SAST scan. No separate tools or configuration needed. One scan, two categories of findings.

1
Scans run on every push
Full scans and diff scans already run on your repositories. Code quality checks happen in the same pass, using the same AI engine that handles security analysis.
2
AI identifies real problems
The agent reads your code in context, not just line by line. It understands how functions relate, where logic is repeated, and which patterns will cause trouble as the codebase grows.
3
Findings are categorized and prioritized
Each code quality issue gets a severity rating based on its actual impact on maintainability and reliability. Critical issues that affect production stability surface first.
4
Triage alongside security findings
Code quality findings appear in the same dashboard as security vulnerabilities. Filter by category, push to Jira, and track resolution using the same workflow your team already knows.
What we detect

Issues that linters and rule-based tools miss

Dead code and unused imports
Functions that are never called, variables that are assigned but never read, imports that serve no purpose. The agent traces actual usage across your codebase, not just within a single file.
Complexity hotspots
Methods with too many branches, deeply nested conditionals, and functions that do too many things at once. These are the places where bugs hide and new developers get stuck.
Duplicated logic
Significant blocks of repeated code that should be extracted into shared functions. Not trivial one-liners, but actual logic duplication that makes maintenance harder with every copy.
Anti-patterns and code smells
God classes, long parameter lists, feature envy, and other structural patterns that signal deeper design problems. The agent understands object-oriented and functional patterns, not just syntax.
SOLID violations
Classes handling too many responsibilities, tight coupling between modules, and dependency inversion problems. The kind of issues that make refactoring risky and testing difficult.
Missing error handling
Code paths where failures are likely but not handled: unvalidated external responses, unchecked null returns, swallowed exceptions. These are the spots that crash production at 3 AM.
Hardcoded values
Connection strings, API URLs, magic numbers, and other values embedded directly in source code that should live in configuration. Spotted in context, not by matching string patterns.
Why it matters

Code quality problems are security problems waiting to happen

Reduce the cost of every future change
Complex, duplicated code means every feature takes longer to build and every bug takes longer to fix. Addressing quality issues early keeps development velocity from degrading over time.
Stop bugs before they reach production
Missing error handling and overly complex logic are the most common sources of production incidents. Flagging these patterns during code review prevents outages instead of reacting to them.
Make onboarding faster for new developers
Clean, well-structured code is easier to read and understand. When new team members can navigate the codebase without hitting dead ends and spaghetti logic, they contribute sooner.
One platform for security and quality
No need to maintain separate tools for SAST, SCA, and code quality. Everything runs in the same scan, appears in the same dashboard, and follows the same triage workflow.

Start improving your code quality today

Connect your repositories and let AI agents surface the maintainability issues that slow your team down.

Create free account Sign in