Repo Scan
Repository-wide analysis for launch readiness and systemic issues
Repo Scan provides comprehensive repository-wide analysis to identify systemic issues, security vulnerabilities, and launch readiness gaps that can't be caught by individual PR reviews.
Overview
Unlike PR reviews that focus on specific changes, Repo Scan analyzes your entire codebase to surface:
- Correctness & error handling - Missing guards, unhandled promises, edge cases
- Security & auth - Unsafe patterns, secret handling, API exposure
- Data integrity - Validation gaps, schema mismatches, transaction safety
- External integrations - Missing retry/backoff, idempotency, dependency failures
- Configuration issues - Environment usage, defaults, misconfigurations
How It Works
- Select a repository from your connected repositories
- Choose a branch to analyze (defaults to main/master)
- Optional: Specify paths or modules to focus the scan
- Run the scan - Progress is displayed in real-time
- Review findings with severity, confidence, and evidence
Launch Readiness Score
Every Repo Scan generates a Launch Readiness Score (0-100) based on:
| Factor | Weight |
|---|---|
| Critical findings | 40 points each |
| High findings | 15 points each |
| Medium findings | 5 points each |
| Low findings | 1 point each |
| Scan coverage | Adjusts final score |
Higher scores indicate better production readiness. A score below 70 with critical findings suggests significant risks that should be addressed before launch.
Findings
Repo Scan findings include:
- Severity - Critical, High, Medium, Low, Info
- Category - Correctness, Security, Performance, Maintainability
- Confidence - High, Medium, Low (based on evidence strength)
- Location - File path and line numbers
- Evidence - Code snippets and reasoning
- Suggested fix - Actionable remediation steps
Export Options
Reports can be exported in two formats:
Markdown Report
Human-readable format with executive summary, metrics, and detailed findings.
JSON Report
Machine-readable format for integration with other tools:
```json
{
  "meta": {
    "repo": "owner/repo",
    "run_id": "uuid",
    "started_at": "2025-01-27T00:00:00Z",
    "completed_at": "2025-01-27T00:15:00Z"
  },
  "summary": {
    "severity_counts": {"critical": 2, "high": 3, "medium": 6, "low": 8},
    "confidence_distribution": {"high": 6, "medium": 9, "low": 4},
    "launch_readiness_score": 72
  },
  "findings": [...]
}
```
When to Use Repo Scan
Repo Scan is essential for:
- Pre-launch audits - Before shipping to production
- Security reviews - Periodic security assessments
- Onboarding - Understanding a new codebase
- Technical debt assessment - Prioritizing refactoring efforts
- Compliance - Documenting code quality for audits
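For the pre-launch audit case, a pipeline step can read the JSON report and apply the "below 70 with critical findings" guidance from the Launch Readiness Score section. The Python below is an added example, not Repo Scan's own code; it relies only on the `summary` fields shown in the JSON report sample, and the function name `evaluate_report`, the fail-closed handling, and the intermediate "review" tier are assumptions of this example.

```python
import json

# Constructed sample, limited to fields shown in the JSON report example.
SAMPLE_REPORT = """
{
  "meta": {"repo": "owner/repo", "run_id": "uuid"},
  "summary": {
    "severity_counts": {"critical": 2, "high": 3, "medium": 6, "low": 8},
    "launch_readiness_score": 72
  },
  "findings": []
}
"""

SCORE_THRESHOLD = 70  # from the guidance: below 70 with critical findings


def evaluate_report(report_text, threshold=SCORE_THRESHOLD):
    """Return (decision, reason); decision is 'block', 'review' or 'pass'.

    Anything that cannot be parsed or validated is blocked (fail closed),
    so a truncated or altered report never passes the gate by accident.
    """
    try:
        report = json.loads(report_text)
        summary = report["summary"]
        score = summary["launch_readiness_score"]
        critical = summary["severity_counts"]["critical"]
    except (ValueError, KeyError, TypeError) as exc:
        return "block", f"unreadable report: {exc!r}"

    # bool is a subclass of int in Python, so reject it explicitly.
    for name, value in (("score", score), ("critical", critical)):
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "block", f"{name} is not a number"
    # NaN fails the range comparison as well, so it is blocked here too.
    if not 0 <= score <= 100 or critical < 0:
        return "block", "score or critical count out of range"

    if score < threshold and critical > 0:
        return "block", f"score {score} < {threshold} with {critical} critical"
    # Assumption of this example: either condition alone needs sign-off.
    if score < threshold or critical > 0:
        return "review", f"score {score}, {critical} critical"
    return "pass", f"score {score}, no critical findings"
```

In a pipeline, map `block` to a non-zero exit status so the job fails, and surface the reason string in the job log.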
Credit Usage
Repo Scan uses credits based on repository size and complexity. Typical usage ranges from 50-200 credits depending on:
- Repository size (number of files)
- Code complexity
- Scan scope (full repo vs. specific paths)
Comparison with PR Review
| Feature | PR Review | Repo Scan |
|---|---|---|
| Scope | Single PR diff | Entire repository |
| Focus | Change-specific issues | Systemic patterns |
| Launch Readiness | N/A | Score provided |
| GitHub posting | Comments on PR | Dashboard only |
| Export | N/A | Markdown & JSON |