DocumentationSoftware AuditRecommendations Generation

Recommendations Generation

How CodeDD creates actionable remediation guidance

Recommendations Generation

Recommendations are produced during audit consolidation — turning validated findings into prioritized, actionable guidance tied to your codebase.

What recommendations cover

Security remediation — specific vulnerabilities with severity, affected location, and fix guidance (e.g. parameterized queries instead of string concatenation, adding auth checks to exposed endpoints).

Dependency updates — outdated packages with known CVEs, target versions, and breaking-change notes where relevant.

Technical debt — high-complexity functions to refactor, duplication to consolidate, missing error handling.

Architecture — coupling issues, missing abstraction layers, modularity improvements.

Testing — coverage gaps on critical paths, suggested test types (unit, integration, security).

Each recommendation includes priority tier, estimated effort, and rationale.

Prioritization

Recommendations are ranked by severity, confidence, and business impact:

  • P0 — Critical: active security vulnerabilities, data breach risks, production-breaking issues
  • P1 — High: high-severity vulns, important dependency updates, major architecture issues
  • P2 — Medium: code quality improvements, moderate refactoring
  • P3 — Low: style consistency, documentation, minor optimizations

Related fixes are grouped where dependencies exist (e.g. framework upgrade before API migration).

Where to use them

Web dashboard — prioritized list with drill-down to findings and affected files.

Issue Compass — focused remediation slices you can save and work through systematically.

PDF export — executive summary with top recommendations.

CLIcodedd fix for terminal-guided resolution after audit completion.

Exports — JSON/CSV for offline planning; API access for programmatic retrieval.

Tracking progress

Re-run audits and use compare-audits to measure:

  • Issues resolved vs. new findings
  • Code Health Score change
  • Test coverage delta
  • Dependency updates completed

Audits are on your cadence — not automated continuous monitoring.

Planned

  • JIRA / GitHub issue auto-creation (UI currently shows "coming soon")
  • CI/CD webhook triggers for re-audit

Next steps