
Overview

The Code Scanning module in DeepTraQ helps identify security risks in source code, dependencies, and repositories across your development pipeline.

What This Scanner Does

The scanner analyzes code repositories to:

  • Detect insecure coding patterns and vulnerabilities using Static Application Security Testing (SAST)
  • Identify vulnerable dependencies and libraries
  • Detect exposed secrets such as API keys, tokens, and passwords
  • Perform Infrastructure as Code (IaC) scanning to identify misconfigurations in Terraform, CloudFormation, and similar files
  • Map findings to known CVEs and vulnerability advisories

It combines SAST analysis, dependency scanning, secrets detection, IaC scanning, and DeepTraQ’s vulnerability intelligence to provide comprehensive code security coverage.
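As an added illustration that is not DeepTraQ's code or rule set, the Python script below shows what three of these check categories look like in practice: a secrets check that gates on the variable name and the string's entropy, an IaC check for a Terraform security group whose ingress is open to 0.0.0.0/0, and a dependency-manifest check for packages that are not pinned to an exact version. The sample source file, Terraform snippet, requirements file, regexes and thresholds are all constructed for this example.

```python
"""Toy code-scanning pass over constructed sample inputs.

Added example, not DeepTraQ's implementation: illustrates the kinds of checks
a secrets / IaC / dependency scanner runs. Every input and rule is constructed.
"""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # "secret", "iac" or "dependency"
    severity: str   # "high", "medium" or "low"
    line: int
    message: str


# Constructed sample source file with one hardcoded credential (fake value).
SAMPLE_SOURCE = """\
import requests

API_URL = "https://api.example.invalid/v1"
API_KEY = "sk_live_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c"   # constructed, not a real key
DEBUG_FLAG = "true"
"""

# Constructed Terraform snippet: SSH open to the whole internet.
SAMPLE_TERRAFORM = """\
resource "aws_security_group" "web" {
  name = "web"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
"""

# Constructed Python requirements manifest with two unpinned entries.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
pyyaml
flask>=2.0
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking tokens score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


ASSIGN_RE = re.compile(r'^\s*(?P<name>[A-Za-z_]\w*)\s*=\s*["\'](?P<value>[^"\']+)["\']')
SECRET_NAME_RE = re.compile(r'key|secret|token|password|passwd', re.IGNORECASE)


def scan_secrets(text: str, min_len: int = 16, min_entropy: float = 3.5) -> list[Finding]:
    """Flag string assignments whose name suggests a credential and whose value
    is long and high-entropy. The entropy gate is a false-positive filter:
    it also means a short, low-entropy password literal would be missed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if not m or not SECRET_NAME_RE.search(m["name"]):
            continue
        if len(m["value"]) >= min_len and shannon_entropy(m["value"]) >= min_entropy:
            findings.append(Finding("secret", "high", lineno,
                                    f"possible hardcoded credential in {m['name']}"))
    return findings


CIDR_ANY_RE = re.compile(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"')
PORT_RE = re.compile(r'from_port\s*=\s*(\d+)')


def scan_terraform(text: str) -> list[Finding]:
    """Flag ingress blocks reachable from 0.0.0.0/0; admin ports rank higher."""
    findings, in_ingress, port = [], False, None
    for lineno, line in enumerate(text.splitlines(), 1):
        if re.match(r'\s*ingress\s*{', line):
            in_ingress, port = True, None
        elif in_ingress:
            pm = PORT_RE.search(line)
            if pm:
                port = int(pm.group(1))
            if CIDR_ANY_RE.search(line):
                sev = "high" if port in (22, 3389) else "medium"
                findings.append(Finding("iac", sev, lineno,
                                        f"ingress open to 0.0.0.0/0 on port {port}"))
            if line.strip() == "}":
                in_ingress = False
    return findings


PIN_RE = re.compile(r'^\s*[A-Za-z0-9_.-]+\s*==\s*[A-Za-z0-9_.]+\s*$')


def scan_requirements(text: str) -> list[Finding]:
    """Flag requirements not pinned to one exact version; an unpinned package
    cannot be matched reliably against a vulnerability advisory."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#") or PIN_RE.match(line):
            continue
        name = re.split(r'[<>=!~ ]', line.strip(), maxsplit=1)[0]
        findings.append(Finding("dependency", "low", lineno,
                                f"{name} is not pinned to an exact version"))
    return findings


SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def scan_all() -> list[Finding]:
    """Run every check over the constructed inputs, highest severity first."""
    findings = (scan_secrets(SAMPLE_SOURCE) + scan_terraform(SAMPLE_TERRAFORM)
                + scan_requirements(SAMPLE_REQUIREMENTS))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in scan_all():
        print(f"[{f.severity:6}] {f.category:10} line {f.line}: {f.message}")
```

The severity ordering at the end is the minimal form of the "severity-based risk prioritization" listed later on this page; a real scanner would additionally match the pinned `requests==2.31.0` entry against advisory data, which this example does not attempt.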

When to use this scanner

Use the Code Scanning module when you want to secure code during development or before deployment.

Common use cases include scanning:

  • Source code repositories
  • Open source dependencies
  • Configuration files and infrastructure code

DeepTraQ supports repositories hosted on platforms such as GitHub, GitLab, and Bitbucket, as well as local repositories.

What you get

After the scan completes, DeepTraQ provides:

  • Detected code vulnerabilities and insecure patterns
  • Identified dependency vulnerabilities and outdated libraries
  • Exposed secrets and credentials
  • Severity-based risk prioritization
  • AI-powered remediation guidance

These insights help developers, DevOps teams, and security teams fix vulnerabilities early in the development lifecycle and secure the software supply chain.


Supported Programming Languages

DeepTraQ supports static analysis and security scanning across multiple programming languages.

  • Java
  • JavaScript
  • TypeScript
  • Python
  • C
  • C++
  • C#
  • Go
  • Kotlin
  • PHP
  • Ruby
  • Rust
  • Swift
  • HTML
  • CSS
  • SQL

Supported Dependency Ecosystems

Dependency vulnerability scanning is supported for the following package ecosystems:

  • npm (Node.js)
  • Maven (Java)
  • pip (Python)
  • NuGet (.NET)
  • Composer (PHP)
  • RubyGems
  • Go Modules
  • Swift Packages
  • Rust Cargo
  • Pub (Dart / Flutter)
  • GitHub Actions
  • Erlang

Limitations

  • Repository access required: The scanner requires access to the repository through supported integrations or local upload.
  • One repository per scan: Each scan analyzes a single repository at a time.
  • Binary files not analyzed: Compiled binaries and packaged artifacts are not scanned.
  • Partial language support: Some languages may only support dependency scanning and not full SAST analysis.
  • Large repository performance: Very large repositories may increase scan time depending on file count and complexity.
  • Azure DevOps not supported: Integration with Azure DevOps repositories is currently not supported.
  • CI/CD local agent not supported: Local agents for CI/CD pipelines (Jenkins, GitHub Actions, Travis CI, CircleCI, etc.) are not supported and are under development.
  • Local development scanning not supported: Scanning within local development environments is not supported; only cloud-based scanning is available.