Analyze code coverage reports with trends and file-level metrics. Part of the DevTools Surf developer suite. Browse more tools in the DevOps / CI-CD collection.
Use Cases
Identify which modules need unit tests added before a major release
Track coverage regressions introduced by new code in a PR
Generate coverage badges and reports for open-source project README
Set coverage thresholds in CI to gate merges below a minimum percentage
Tips
Upload a coverage JSON file (lcov, cobertura, clover formats accepted) — the analyzer parses and displays per-file and per-function coverage percentages
Use the trend chart to track coverage changes across recent commits and identify modules that are regressing
The uncovered lines view prioritizes by impact — files with both low coverage and high change frequency deserve attention first
Fun Facts
Code coverage as a metric dates to the late 1980s when Telcordia Technologies (formerly Bell Labs) developed gcov for C programs. It became mainstream with the rise of unit testing in the late 1990s and early 2000s.
Codecov.io was founded in 2013 and became one of the most widely used coverage reporting services. In 2021 it was compromised in a supply chain attack: attackers modified its bash uploader script and exfiltrated CI environment secrets from thousands of companies.
100% code coverage does not guarantee bug-free code — it means every line was executed during tests, not that every case was tested correctly. Studies show that the relationship between coverage and bug detection saturates around 70-80%.
FAQ
What is a good code coverage target?
80% is the most commonly cited threshold. Below 60% suggests significant gaps. Above 90% has diminishing returns — the effort to reach 100% often produces low-value tests for error paths and trivial code. Focus on critical business logic, not raw percentage.
What is branch coverage vs line coverage?
Line coverage measures which source lines were executed. Branch coverage measures which conditional branches (if/else paths) were taken. Branch coverage is more meaningful — a line can be covered without testing both the true and false cases of an if statement.
Why did Codecov's supply chain attack matter?
The compromised uploader script ran inside CI pipelines with access to environment variables. Those environments often contain API keys, cloud credentials, and other secrets. The attack demonstrated that CI/CD tooling is a high-value supply chain target.
