CodeThreat is an autonomous application security platform that combines deterministic security scanning engines with AI-powered agents for comprehensive code analysis and vulnerability detection.

Platform Architecture

CodeThreat operates through two complementary layers:
  • Deterministic Layer: Rule-based security scanning engines perform pattern matching and static analysis across codebases.
  • Agentic Layer: AI agents provide contextual analysis, false positive elimination, and intelligent security reviews.

Pull Request Workflow

Every pull request triggers deterministic scanning and agentic analysis:
  1. Developer creates PR → CodeThreat automatically scans changed files
  2. Deterministic scanning runs (SAST, SCA, Secrets, IaC)
  3. False Positive Elimination filters SAST results
  4. PR Review Agent analyzes PR changes with contextual understanding
  5. Security feedback appears in PR comments
  6. Developer fixes issues and pushes updates

Full Repository Analysis

Agentic SAST performs comprehensive repository analysis:
  1. Full repository scan → Runs deterministic engines and Agentic SAST
  2. Deterministic engines run (SAST, SCA, Secrets, IaC)
  3. False Positive Elimination filters deterministic SAST results
  4. Agentic SAST performs deep analysis with Repository Memory and Vuln Context components
  5. Complete report → All findings combined

Deterministic Detection Engines

Deterministic scanning engines identify security vulnerabilities using established patterns, rules, and vulnerability databases. These work together with agentic analysis for complete security coverage.

Agentic Analysis Capabilities

AI agents operate autonomously to provide contextual security analysis beyond deterministic pattern matching.

How It Works

CodeThreat integrates into your development workflow with three primary scanning modes:

Pull Request Scanning

  • Developer creates PR → Deterministic SAST scans changed files → False Positive Elimination filters results → PR Review Agent provides feedback → Developer fixes issues

Push to Main Branch

  • Code pushed to main → Full branch deterministic scan → False Positive Elimination → Results in dashboard

Full Repository Analysis

  • Full repository scan → All deterministic engines → False Positive Elimination → Agentic SAST with Repository Memory and Vuln Context components → Comprehensive report

See the detailed workflows above for the step-by-step flows.

Platform Capabilities

Deterministic Security Scanning

  • Deterministic SAST: Rule-based static analysis across 27+ languages, enhanced by False Positive Elimination and Agentic SAST for complex vulnerabilities
  • SCA: Dependency vulnerability scanning across all major package ecosystems
  • Secrets Detection: Pattern-based credential and API key detection
  • IaC Security: Infrastructure configuration scanning for cloud platforms and IaC tools

Agentic Security Analysis

  • Agentic SAST: Deep code analysis using graph-based techniques to find complex vulnerabilities
  • False Positive Elimination: Contextual analysis of deterministic SAST results
  • PR Reviews: Intelligent security review of pull requests
  • Security Analysis: On-demand repository security analysis for design issues and architectural vulnerabilities
  • Repository Mapping: Endpoint and database provider identification

Next Steps