> ## Documentation Index
> Fetch the complete documentation index at: https://docs.codethreat.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Autonomous AppSec platform combining deterministic security scanning with agentic analysis for contextual vulnerability detection and false positive elimination.

CodeThreat is an autonomous application security platform that combines deterministic security scanning engines with AI-powered agents for comprehensive code analysis and vulnerability detection.

## Platform Architecture

CodeThreat operates through two complementary layers:

**Deterministic Layer**: Rule-based security scanning engines perform pattern matching and static analysis across codebases.

**Agentic Layer**: AI agents provide contextual analysis, false positive elimination, and intelligent security reviews.

```mermaid theme={null}
graph LR
    A[Your Code] --> B[Deterministic<br/>Scanning]
    B --> C[SAST + SCA + Secrets + IaC]
    C --> D[SAST Results]
    D --> E[False Positive<br/>Elimination]
    
    A --> F[Agentic SAST]
    F --> G[Repository<br/>Memory]
    F --> H[Vuln Context]
    
    A --> I[PR Review Agent<br/>PR Analysis]
    
    style B fill:#9449FE,stroke:#6627F9,color:#fff
    style C fill:#9449FE,stroke:#6627F9,color:#fff
    style E fill:#6627F9,stroke:#9449FE,color:#fff
    style F fill:#6627F9,stroke:#9449FE,color:#fff
    style G fill:#6627F9,stroke:#9449FE,color:#fff
    style H fill:#6627F9,stroke:#9449FE,color:#fff
    style I fill:#6627F9,stroke:#9449FE,color:#fff
```

***

## Pull Request Workflow

Every pull request triggers deterministic scanning and agentic analysis:

```mermaid theme={null}
flowchart LR
    A[Developer<br/>Creates PR] --> B[Deterministic<br/>Scan]
    B --> C[SAST Results]
    C --> D[False Positive<br/>Elimination]
    A --> E[PR Review<br/>Agent]
    D --> F[Verified<br/>Results]
    E --> F
    
    style B fill:#9449FE,stroke:#6627F9,color:#fff
    style D fill:#6627F9,stroke:#9449FE,color:#fff
    style E fill:#6627F9,stroke:#9449FE,color:#fff
```

1. **Developer creates PR** → CodeThreat automatically scans changed files
2. **Deterministic scanning** runs (SAST, SCA, Secrets, IaC)
3. **False Positive Elimination** filters SAST results
4. **PR Review Agent** analyzes PR changes with contextual understanding
5. **Security feedback** appears in PR comments
6. **Developer fixes** issues and pushes updates

***

## Full Repository Analysis

Agentic SAST performs comprehensive repository analysis:

```mermaid theme={null}
flowchart TB
    A[Full Repository<br/>Scan] --> B[Deterministic<br/>Engines]
    A --> C[Agentic SAST]
    B --> D[SAST Results]
    D --> E[False Positive<br/>Elimination]
    C --> F[Repository<br/>Memory]
    C --> G[Vuln Context]
    E --> H[Complete<br/>Report]
    F --> H
    G --> H
    
    style B fill:#9449FE,stroke:#6627F9,color:#fff
    style C fill:#6627F9,stroke:#9449FE,color:#fff
    style E fill:#6627F9,stroke:#9449FE,color:#fff
    style F fill:#6627F9,stroke:#9449FE,color:#fff
    style G fill:#6627F9,stroke:#9449FE,color:#fff
```

1. **Full repository scan** → Runs deterministic engines and Agentic SAST
2. **Deterministic engines** run (SAST, SCA, Secrets, IaC)
3. **False Positive Elimination** filters deterministic SAST results
4. **Agentic SAST** performs deep analysis with **Repository Memory** and **Vuln Context** components
5. **Complete report** → All findings combined

***

## Deterministic Detection Engines

Deterministic scanning engines identify security vulnerabilities using established patterns, rules, and vulnerability databases. These work together with agentic analysis for complete security coverage.

<CardGroup cols={2}>
  <Card title="Deterministic SAST" icon="code" href="/platform/sast">
    Rule-based static analysis for code vulnerabilities. 1,740+ security rules across 27+ languages. Enhanced by False Positive Elimination agent and Agentic SAST deep analysis.
  </Card>

  <Card title="SCA" icon="box" href="/platform/sca">
    Dependency vulnerability scanning with CVE matching. Supports all major package managers.
  </Card>

  <Card title="Secrets Detection" icon="key" href="/platform/secret-detection">
    Pattern-based detection of exposed credentials, API keys, and sensitive data.
  </Card>

  <Card title="IaC Security" icon="server" href="/platform/iac-security">
    Infrastructure-as-code scanning for configuration misconfigurations and compliance violations.
  </Card>
</CardGroup>

***

## Agentic Analysis Capabilities

AI agents operate autonomously to provide contextual security analysis beyond deterministic pattern matching.

<CardGroup cols={2}>
  <Card title="Agentic SAST" icon="brain-circuit" href="/platform/agentic-sast">
    Graph-based code analysis identifying logic flaws, authorization issues, and design failures.
  </Card>

  <Card title="False Positive Elimination" icon="filter" href="/ai/false-positive-elimination">
    Analyzes deterministic SAST results to reduce false positives through contextual understanding.
  </Card>

  <Card title="PR Reviews" icon="code-pull-request" href="/ai/pr-reviews">
    Contextual security analysis of pull requests with impact assessment and remediation guidance.
  </Card>

  <Card title="Security Analysis" icon="magnifying-glass-chart" href="/ai/security-analysis">
    On-demand repository security analysis for design issues and architectural vulnerabilities.
  </Card>
</CardGroup>

***

## How It Works

CodeThreat integrates into your development workflow with three primary scanning modes:

### Pull Request Scanning

* Developer creates PR → **Deterministic SAST** scans changed files → **False Positive Elimination** filters results → **PR Review Agent** provides feedback → Developer fixes issues

### Push to Main Branch

* Code pushed to main → Full branch **deterministic scan** → **False Positive Elimination** → Results in dashboard

### Full Repository Analysis

* Full repository scan → All **deterministic engines** → **False Positive Elimination** → **Agentic SAST** with **Repository Memory** and **Vuln Context** components → Comprehensive report

See detailed workflows above for visual flow diagrams.

***

## Platform Capabilities

### Deterministic Security Scanning

* **Deterministic SAST**: Rule-based static analysis across 27+ languages, enhanced by **False Positive Elimination** and **Agentic SAST** for complex vulnerabilities
* **SCA**: Dependency vulnerability scanning across all major package ecosystems
* **Secrets Detection**: Pattern-based credential and API key detection
* **IaC Security**: Infrastructure configuration scanning for cloud platforms and IaC tools

### Agentic Security Analysis

* **Agentic SAST**: Deep code analysis using graph-based analysis for complex vulnerabilities
* **False Positive Elimination**: Contextual analysis of deterministic SAST results
* **PR Reviews**: Intelligent security review of pull requests
* **Security Analysis**: On-demand repository security analysis for design issues and architectural vulnerabilities
* **Repository Mapping**: Endpoint and database provider identification

***

## Next Steps

<CardGroup cols={2}>
  <Card title="Quick Start" icon="rocket" href="/quickstart">
    Connect repositories and run your first scan
  </Card>

  <Card title="Deterministic SAST" icon="code" href="/platform/sast">
    Learn about rule-based static analysis
  </Card>

  <Card title="Agentic SAST" icon="brain-circuit" href="/platform/agentic-sast">
    Understand AI-powered code analysis
  </Card>

  <Card title="AI Features" icon="brain" href="/ai/overview">
    Explore agentic security capabilities
  </Card>

  <Card title="Repository Integration" icon="code-branch" href="/integrations/overview">
    Connect GitHub, GitLab, Azure DevOps, or Bitbucket
  </Card>

  <Card title="Detection Engines" icon="shield-halved" href="/platform/sca">
    Learn about deterministic scanning engines
  </Card>
</CardGroup>
