Detekt

Static code analysis tool for Kotlin — the standard linter and code smell detector for Kotlin projects. Detekt analyzes Kotlin source code for: complexity metrics (cyclomatic complexity, cognitive complexity), code smells (long methods, large classes, magic numbers), potential bugs (null safety violations, empty catch blocks), naming conventions, performance issues, and coroutine misuse. It is configured via detekt.yml and integrates with Gradle/Maven as a build task, with IDE plugins, and with GitHub Actions. Supports custom rule sets for project-specific standards. Replaces Checkstyle for Kotlin codebases.

Evaluated Mar 06, 2026, v1.23.x
Category: Developer Tools
Tags: kotlin, static-analysis, linting, code-quality, gradle, android, security, metrics
⚙ Agent Friendliness: 69 / 100 (Can an agent use this?)
🔒 Security: 95 / 100 (Is it safe for agents?)
⚡ Reliability: 86 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: --
Documentation: 85
Error Messages: 88
Auth Simplicity: 100
Rate Limits: 100

🔒 Security

TLS Enforcement: 98
Auth Strength: 98
Scope Granularity: 95
Dep. Hygiene: 90
Secret Handling: 92

Static analysis — no network exposure. Detekt security rules detect hardcoded credentials and insecure patterns. No sensitive data processed by the tool itself.

⚡ Reliability

Uptime/SLA: 88
Version Stability: 85
Breaking Changes: 82
Error Recovery: 90

Best When

You're building a Kotlin project (Android, Ktor, Spring Boot with Kotlin) and want automated code quality enforcement, complexity limits, and Kotlin-specific lint rules in CI.

Avoid When

You're in a pure Java project (use Checkstyle/PMD), you don't have CI/CD where Detekt can run, or your team is too early-stage for code quality tooling overhead.

Use Cases

  • Enforce agent codebase quality standards in Kotlin — Detekt CI checks prevent complex agent code from merging; cyclomatic complexity rules keep agent logic maintainable
  • Detect Kotlin coroutine misuse in agent services — Detekt's coroutines rule set catches GlobalScope.launch, runBlocking in coroutines, and improper suspend function usage
  • Automate Kotlin code review with Detekt GitHub Actions — fail PRs with new code smells, generate SARIF reports for GitHub Security tab
  • Enforce naming conventions and formatting in agent Kotlin codebase — VariableNaming, FunctionNaming, ClassNaming rules enforce team style guide automatically
  • Measure agent codebase complexity trends over time — Detekt complexity metrics in CI reports track if agent code becomes harder to maintain

Not For

  • Java code analysis — use Checkstyle, PMD, or SpotBugs for Java; Detekt is Kotlin-specific
  • Runtime bug detection — Detekt is static analysis; use runtime monitoring or property-based testing for runtime agent behavior bugs
  • Code formatting (vs lint) — use ktlint for code formatting; Detekt overlaps in style rules but ktlint is the formatter of choice; use both together

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: Yes
Webhooks: No

Authentication

Methods: none
OAuth: No
Scopes: No

Static analysis tool — no auth concepts. Runs locally or in CI.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Detekt is Apache 2.0 licensed, community-maintained. Free for all use.

Agent Metadata

Pagination: none
Idempotent: Full
Retry Guidance: Not documented

Known Gotchas

  • detekt.yml configuration required for useful results — default rules include many style rules teams may disagree with; create detekt.yml in project root to disable/configure rules; running with defaults generates noise that reduces signal
  • Baseline file for existing code — new Detekt adoption on existing codebases generates hundreds of findings; use ./gradlew detektBaseline to create baseline.xml that ignores existing issues; only new code violations fail the build
  • Type resolution requires classpath — some Detekt rules (return type checks, type binding checks) require type resolution; enable with classpath = (sourceSets.main.get().compileClasspath) in Gradle; without this, type-aware rules are skipped
  • Custom rule sets require separate module — custom Detekt rules live in a separate Gradle module; the module must be a Java/Kotlin library (not Android); detekt Gradle plugin discovers rules via ServiceLoader; setup requires publishing rules module or local file reference
  • Detekt with Android Gradle Plugin — detekt tasks run per variant (debug, release); configure once for all variants in detekt { } block or per-variant task; duplicate reports from variant-specific runs can be confusing
  • SARIF output format for GitHub — enable sarif report in Gradle config for GitHub Advanced Security integration; SARIF findings appear in Pull Request security alerts; ensure sarif output directory matches GitHub Actions expected path

Scores are editorial opinions as of 2026-03-06.
