Powerful Analysis Engine

File Scanner

Analyzes 50+ programming languages with role detection and 75+ framework identification. Understands your entire tech stack.

Dependency Graph Builder

Extracts imports and builds directed acyclic graphs with cycle detection. 16 language-specific resolvers map your entire dependency tree.

Symbol Extractor

16 language parsers extract functions, classes, and variables. Builds call graphs, inheritance trees, and detects API endpoints.

Quality Analyzer

8-dimension quality scoring: code structure, code quality, documentation, testing, best practices, security posture, and dependency health.

Credential Scanner

135 regex patterns detect leaked API keys, tokens, and secrets across 200+ cloud services. Prevent credential exposure.

AI Reasoning

LLM-powered analysis for architecture patterns, data flow, and complex logic. Uses Claude, Ollama, or OpenAI for deep understanding.

External Tool Runner

Integrates Trivy, Syft, Grype, Bandit, pip-audit, and RetireJS for comprehensive vulnerability detection.

SAST Engine

Custom taint analysis with 30 rules across 6 languages. All findings mapped to CWE and OWASP categories.

App Store Analyzer

Compliance checks against Google Play, Apple App Store, and Microsoft Store requirements.

Vulnerability Scanner

Real-time OSV API queries and CVE/NVD matching against all detected packages.

License Scanner

Identifies 30+ SPDX licenses. Classifies as permissive, copyleft, or proprietary for compliance.

Cognitive Complexity

SonarSource-style scoring for "how hard to understand" each function and module is.

Duplication Detector

Cross-file duplicate code block detection via rolling hash algorithms.

Tech Debt Estimator

Calculates remediation effort in hours, debt ratio percentage, and A-E debt rating.

DORA Metrics

Deploy frequency, lead time for changes, MTTR, and change failure rate from git history.

OWASP Classifier

Maps all security findings to OWASP Top 10 categories and CWE identifiers.

Quality Gates

Configurable pass/fail thresholds for CI/CD integration and release readiness.

Issue Tracker

Auto-creates issues from findings with full lifecycle management and status tracking.

Scheduled Task Runner

Automated re-checks against new CVEs without full re-analysis.

Incremental Analysis

Scan only changed files using git diff for faster feedback.

Notification System

Email, Slack, and Telegram alerts for critical vulnerabilities.

GitHub App

Auto-analyze on push, post PR comments with findings.

Dashboard Charts

Sparklines, trend lines, and pie charts for all metrics.

IDE Extensions

VS Code and JetBrains plugins with inline findings.