DocumentationSoftware AuditFile Discovery & Indexing

File Discovery & Indexing

How CodeDD discovers, categorizes, and prepares files for analysis

File Discovery & Indexing

After your repository is connected, CodeDD scans the full tree, calculates metrics, and prepares files for analysis. Everything in the audit cache is encrypted at rest.

What gets scanned

  • Source code (100+ languages)
  • Configuration (Docker, Kubernetes, CI/CD, env files)
  • Infrastructure-as-Code (Terraform, CloudFormation)
  • Documentation and database schemas

What gets excluded

  • Binary files and build outputs (dist, build, target)
  • Version control (.git)
  • Dependencies (node_modules, vendor, venv)
  • Symlinked directories (to avoid duplicate counts)

File categorization

Files are automatically typed as source code, configuration, infrastructure, security-related, or documentation. This drives scope defaults and architecture detection.

Metrics collected

For each file:

  • Lines of code — non-empty code lines, excluding comments and whitespace
  • Documentation lines — comments, docstrings, README content
  • Git metadata — last modified, contributors, commit frequency, churn

Folder-level aggregates roll up LOC, file counts, and language breakdowns for dashboard views.

Audit scope

After discovery, files are marked for deep analysis. You can review and adjust scope in the UI before the audit runs — include or exclude paths, or accept auto-selection defaults that prioritize source and security-relevant files.

Not every indexed file receives LLM analysis. Scope focuses effort on files that matter for due diligence.

Encryption

As files are indexed, content is encrypted in the audit cache using Fernet (AES-128-CBC + HMAC). Plaintext exists only transiently in memory during later analysis stages.

Data Encryption at Rest

Progress tracking

During import, the UI shows files processed, percentage complete, and processing speed so you can monitor large repositories.

Error handling

Individual file failures (permissions, encoding) are logged and skipped — they do not stop the audit. Large files are handled via streaming.

What happens next

Scoped, encrypted files proceed to LLM file analysis, dependency scanning, architecture mapping, and consolidation.

Next steps