rogdooley/CodeGauge

CodeGauge

CodeGauge is a deterministic, local-first code quality and security analysis platform.

Supported Languages

  • Python
  • JavaScript / TypeScript
  • Java
  • Go
  • PHP
  • Secrets domain scanning

Install

uv sync
uv run codegauge --help

Scanner prerequisites and install helper:

./install-scanners.sh --help
./install-scanners.sh --profile core --init-config

See SCANNER_INSTALL.md for generic and language-specific setup.

Quickstart

uv run codegauge scan .
uv run codegauge scan . --json
uv run codegauge secrets scan .

When scanning an unmanaged local project (no .codegauge.toml and no common linter config), CodeGauge shows a bootstrap hint to initialize baseline config files.

Secrets Pattern Override (Add/Remove Only)

[secrets]
ignored_sensitive_patterns_add = [
  "*.mobileprovision",
  "vault.json",
]
ignored_sensitive_patterns_remove = [
  "*.sqlite",
]

CodeGauge keeps secure built-in defaults, then applies additions and removals deterministically.

Report

CodeGauge writes artifacts and a static portal under your configured report_root (default ~/Documents/CodeGauge).

Sample report path:

~/Documents/CodeGauge/index.html

Screenshots

  • Main Page
  • Project Page
  • Report Page
  • Details Page
Why Deterministic Analysis

  • Stable scope and finding ordering.
  • Stable policy reason codes.
  • Predictable CI and portfolio reporting.

License

Apache-2.0

About

Multi-language code quality and security scanner that generates actionable HTML reports for developers and teams.
