Introducing Codacy Skills (Part 2): Configure your scan rules to cut PR noise

Codacy launched the Configure Codacy Skill, a tool that automatically tunes pull request scan rules at the repository level to reduce noise from irrelevant findings. The skill detects languages and frameworks, runs an analysis, and disables unnecessary patterns, helping development teams trust their PR checks amid increased code volume from AI coding agents.

A Pull Request check is only worth having if your team trusts it. The moment people learn to wave past the gate and merge anyway, the gate stops doing its job.

That trust is under more pressure than it used to be. Coding agents have multiplied how much code gets written, which means more changed lines per pull request, which, in turn, means more findings to read on the way out. Some of those findings are real and important, but many can be noisy: a linter rule that doesn't fit your stack, a style pattern your team decided against years ago, a security check firing on a generated file nobody edits by hand. Wade through enough of that and the signal you actually care about gets buried.

In Part 1 (/introducing-codacy-skills-unblock-pull-requests-with-one-prompt), we showed how to clear that noise one pull request at a time: hand the findings to your agent, fix what's real, dismiss the false positives with a logged reason. That works, but it treats the symptom. This post is about the cause.

The new Configure Codacy Skill (https://github.com/codacy/codacy-skills/blob/master/skills/configure-codacy/SKILL.md) tunes the rules underneath, so most of the noise never shows up in the first place.

What the skill does

Point your agent at a repo and the Configure Codacy Skill tailors the rules to what is actually there.
It detects the languages and frameworks in your project, turns on a broad set of tools and patterns, runs an analysis to see the real issue landscape, then cuts the noise using that data. Your agent disables patterns for languages you don't use, deduplicates rules that two different analysis tools both flag, adjusts sensitivity thresholds to match how your code is actually written, and excludes files where the findings aren't yours to fix (like generated output you regenerated from somewhere else).

The principle is simple: the agent starts broad, then cuts with data. It begins with wide coverage, looks at what the analysis returns, and only then decides what to switch off, working from your codebase and Codacy's own analysis results, against the standard your team already uses, rather than guessing from a generic default.

One thing to be clear about up front: The Configure Codacy Skill configures individual repository-level Code Patterns (https://docs.codacy.com/repositories-configure/configuring-code-patterns/). It does not create or change your organization-level Coding Standards (https://docs.codacy.com/organizations/using-coding-standards/). If your org enforces a Coding Standard across repos, those rules take precedence and the skill leaves them alone (it will only detach a repo from a coding standard if you explicitly ask it to). So I recommend treating this as repo-level tuning, not a way to rewrite org-wide coding standards.

Installing the Configure Codacy Skill

If you followed Part 1 (/introducing-codacy-skills-unblock-pull-requests-with-one-prompt), most of this is already in place. The Configure Codacy Skill leans on two of our CLIs: the Codacy Analysis CLI does the local work of detecting your stack and running the analysis, and the Codacy Cloud CLI handles the connection to your Codacy account. Both share one set of credentials, so a single login covers them.
    claude plugin marketplace add codacy/codacy-skills
    claude plugin install codacy-skills@codacy
    codacy login

The skills work with Claude Code, OpenAI Codex, GitHub Copilot, and Gemini CLI through the Agent Skills standard. For the full setup, including the other agents, see the Part 1 walkthrough (https://blog.codacy.com/introducing-codacy-skills-unblock-pull-requests-with-one-prompt) or the Codacy Skills repository (https://github.com/codacy/codacy-skills).

Configuring a repo in one prompt

You do not need to run the commands yourself. Just tell your agent to run the skill, and it works the entire loop:

    /configure-codacy

From there, the agent starts by detecting the stack. Using codacy-analysis init --auto, it enables a wide pattern set filtered to the frameworks you actually use. Based on that ruleset, it runs the analysis locally and reads back the full picture of what has been detected and where. From there, it tunes the rules, dropping the patterns that don't apply, collapsing duplicates, and adjusting thresholds to your code.

The loop is quick because it all happens locally. The agent edits the config, re-runs the analysis, and sees the result, with no push and no waiting on a cloud re-scan. You watch it narrow things down as it goes, and you can steer at any point if it cuts something you would rather keep.

If you are on the Business plan (https://www.codacy.com/pricing), the agent has an extra signal to work with: Codacy flags which findings are likely false positives, and the skill uses that signal to decide what to turn off. The configuration works on every plan; it is just a little more precise where that false-positive data is available for Business plan customers.

Cutting noise without dropping security

The obvious risk with any noise-reduction pass is that you quietly lose coverage that mattered. The skill has a guardrail for exactly this. Every security risk has to stay covered by at least one active pattern.
If two tools both catch hardcoded secrets and one of them is more precise, the agent keeps the precise one and disables the duplicate. The risk is still covered, while the redundant warning is gone.

That rule holds even when a security pattern is itself noisy. Rather than switch off a security check to quiet it, the skill keeps it running across your source and trims only the spots where the hit clearly is not real, like a secret scanner firing on a test fixture that holds a dummy credential. The check stays on everywhere it could catch a real problem. Noise reduction never silently removes a security pattern, which is the whole point of being able to trust the result.

And, of course, in case you decide to revert any changes, you just tell the agent to do so.

Import the results to Cloud

Once the code patterns are tuned, the agent imports them to your repo on the Codacy platform. Your next Pull Request runs against the quieter ruleset, and the findings your team sees are the ones actually worth acting on. Every change the agent made is recorded, so you can see what was switched off and why before anything reaches the cloud.

What's next

The static analysis and security scanning underneath are the same as they have always been. What is new is how little sits between you and a configuration that actually fits your code. Instead of a generic ruleset that someone has to remember to maintain, you get one tuned to your repo by an agent that reads the code, and you get it from the terminal you are already working in.

This is the second post in our mini-series on Codacy Skills. Next, we move from configuring Codacy to running it entirely on your machine: scanning and fixing code locally before you push, with no Codacy account required. Stay tuned.
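
The guardrail from "Cutting noise without dropping security" above, as an added example (not Codacy's code or configuration format): the pattern ids, precision scores and plan structure are constructed for illustration. It keeps the most precise pattern per security risk, rejects any plan that leaves a risk uncovered, and quiets a noisy security pattern by path instead of disabling it.

```python
from fnmatch import fnmatch

# Constructed inventory: ids, risks and precision scores are hypothetical.
PATTERNS = [
    {"id": "toolA/hardcoded-secret", "risk": "secrets", "precision": 0.95},
    {"id": "toolB/generic-secret", "risk": "secrets", "precision": 0.60},
    {"id": "toolA/sql-injection", "risk": "sqli", "precision": 0.50},
    {"id": "toolB/line-length", "risk": None, "precision": 0.30},  # style only
]

def duplicates_to_disable(patterns):
    """Per security risk, keep the most precise pattern; return the other ids."""
    best = {}
    for p in patterns:
        risk = p["risk"]
        if risk and (risk not in best or p["precision"] > best[risk]["precision"]):
            best[risk] = p
    return {p["id"] for p in patterns if p["risk"] and best[p["risk"]] is not p}

def uncovered_risks(patterns, disabled):
    """Guardrail: security risks with no active pattern once `disabled` applies."""
    risks = {p["risk"] for p in patterns if p["risk"]}
    active = {p["risk"] for p in patterns if p["risk"] and p["id"] not in disabled}
    return risks - active

def build_plan(patterns, disabled, path_excludes):
    """Refuse a plan that drops a risk; noisy checks get path excludes instead."""
    gap = uncovered_risks(patterns, disabled)
    if gap:
        raise ValueError(f"security risks left uncovered: {sorted(gap)}")
    return {"disabled": set(disabled), "path_excludes": dict(path_excludes)}

def is_reported(finding, plan):
    """A finding is shown unless its pattern is off or its path is excluded."""
    if finding["pattern"] in plan["disabled"]:
        return False
    globs = plan["path_excludes"].get(finding["pattern"], [])
    return not any(fnmatch(finding["path"], g) for g in globs)

if __name__ == "__main__":
    off = duplicates_to_disable(PATTERNS) | {"toolB/line-length"}
    plan = build_plan(PATTERNS, off, {"toolA/hardcoded-secret": ["tests/fixtures/*"]})
    print(sorted(plan["disabled"]))
```

A plan that also disables the only SQL injection pattern is rejected by `build_plan`, which is the property the guardrail is meant to enforce.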