
Code Scanners Overview

Overview

DeepTraQ provides multiple security scanners to protect your code repositories against different categories of risk. Each scanner targets a specific class of vulnerabilities, such as open-source dependency risks, Infrastructure as Code misconfigurations, and hardcoded secrets.

You can select one or more scanners while creating a Code Vulnerability Scan to perform comprehensive security analysis across your code base.


Available Scanners

Software Composition Analysis (SCA)

Identifies known vulnerabilities in third-party and open-source dependencies used in your project.

Key capabilities:

  • Detects CVEs in package manifests and lock files
  • Maps vulnerable versions to fixed versions
  • Provides remediation guidance for upgrades

Recommended for all repositories that use external libraries.


Google OSV Scanner

Detects vulnerabilities in open-source dependencies using the OSV vulnerability database.

Key capabilities:

  • Language-specific vulnerability detection
  • Accurate version matching
  • Lightweight and fast dependency analysis

Useful for ecosystems supported by OSV where precise version tracking is required.


KICS by Checkmarx

Scans Infrastructure as Code (IaC) files to identify:

  • Security misconfigurations
  • Compliance violations
  • Risky cloud resource settings

Supported IaC types include:

  • Terraform
  • CloudFormation
  • Kubernetes manifests
  • Docker configurations

Recommended for repositories containing cloud and infrastructure definitions.


GitLeaks

Detects hardcoded secrets in source code, including:

  • API keys
  • Access tokens
  • Passwords
  • Private keys

Helps prevent credential exposure and unauthorized access.


Choosing the Right Scanner

Use the following guidance when selecting scanners:

  • Select SCA for dependency vulnerability management
  • Select OSV for precise open-source vulnerability detection
  • Select KICS for Infrastructure as Code security and compliance checks
  • Select GitLeaks for secret detection

For comprehensive coverage, enable multiple scanners in a single scan.


Scanner Output

Depending on the scanners selected, results may include:

  • Vulnerable dependencies with CVE references
  • IaC misconfiguration findings with severity
  • Exposed secrets with file path and context
  • Remediation recommendations

Findings are aggregated into a unified report with severity classification and optional AI-generated insights.
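The following Python snippet is an added illustration of what such aggregation involves; it is not DeepTraQ's own code, and the input records, field names and severity scale are constructed for the example (real scanner output formats differ). It normalizes one record from each scanner type into a single schema and orders the report by severity.

```python
from dataclasses import dataclass

# Severity ranking for the unified report (constructed; not DeepTraQ's own scale).
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFO": 0}


@dataclass(frozen=True)
class Finding:
    scanner: str
    severity: str
    title: str
    location: str
    remediation: str


def cvss_to_severity(score: float) -> str:
    """Map a CVSS base score to a label using the CVSS v3 qualitative ranges."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW" if score > 0.0 else "INFO"


def normalize(raw: dict) -> Finding:
    """Convert one raw scanner record (constructed layout) into the unified schema."""
    kind = raw["scanner"]
    if kind in ("SCA", "OSV"):  # dependency finding: severity derives from CVSS
        return Finding(kind, cvss_to_severity(raw["cvss"]),
                       f'{raw["id"]} in {raw["package"]}@{raw["version"]}',
                       raw["manifest"], f'upgrade to {raw["fixed"]}')
    if kind == "KICS":  # IaC finding: scanner already supplies a severity label
        return Finding(kind, raw["severity"].upper(), raw["query"],
                       f'{raw["file"]}:{raw["line"]}', raw["expected"])
    if kind == "GitLeaks":  # any committed credential is treated as critical
        return Finding(kind, "CRITICAL", f'secret matched rule {raw["rule"]}',
                       f'{raw["file"]}:{raw["line"]}',
                       "revoke the credential and move it to a secret store")
    raise ValueError(f"unknown scanner {kind!r}")


def unified_report(raw_findings):
    """Aggregate all findings, most severe first; sort is stable so ties keep input order."""
    return sorted((normalize(r) for r in raw_findings),
                  key=lambda f: -SEVERITY_RANK[f.severity])


# Constructed sample records, one per scanner; the CVE id is a placeholder.
SAMPLE = [
    {"scanner": "SCA", "id": "CVE-EXAMPLE-0001", "package": "example-lib",
     "version": "1.2.0", "fixed": "1.2.1", "cvss": 7.5, "manifest": "package-lock.json"},
    {"scanner": "KICS", "query": "S3 bucket without server-side encryption",
     "severity": "medium", "file": "infra/main.tf", "line": 12,
     "expected": "set server_side_encryption_configuration"},
    {"scanner": "GitLeaks", "rule": "generic-api-key", "file": "src/config.py", "line": 3},
]
```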


Field Reference

Field      Description                                                    Example
SCA        Scans open-source dependencies for known vulnerabilities       Enabled
OSV        Detects vulnerabilities using the OSV database                 Enabled
KICS       Scans IaC files for misconfigurations and compliance issues    Enabled
GitLeaks   Detects hardcoded secrets in source code                       Enabled