A fast, modular CLI tool for scanning codebases to detect non-productive code.
- Features
- Installation
- System Requirements
- Performance Benchmarks
- Usage
- Advanced Usage
- Supported Patterns
- Output Formats
- Architecture
- Development
- Documentation
- Contributing
- Branch Protection
- License
- 🔍 Pattern Detection: Scan for TODO, FIXME, and other customizable patterns
- 📊 Multiple Output Formats: Support for text, JSON, CSV, Markdown, and HTML
- 💾 Persistent Storage: SQLite-based scan history and comparison
- ⚡ High Performance: Parallel processing with Rust and Rayon
- 🏗️ Modular Architecture: Clean separation of concerns across crates
- 🌐 Distributed Scanning: Handle large codebases with distributed processing
- 🔄 Incremental Scanning: Efficient rescanning of changed files only
- 📈 Performance Benchmarking: Built-in benchmarks and optimization recommendations
- 🚀 Production Readiness: Checks and CI/CD integration for production environments
- 🛠️ Custom Detectors: JSON-configurable custom pattern detectors
- ⚙️ Advanced Scanning Options: Streaming, optimized, and metrics-based scanning
- 🏷️ Technology Stack Presets: Presets for web, backend, fullstack, mobile, and systems
- 🌍 Multi-Language Support: Scanning for Rust, JavaScript, TypeScript, Python, Go, Java, C#, PHP and 20+ other programming languages
git clone https://github.com/d-oit/code-guardian
cd code-guardian
cargo build --releaseThe binary will be available at target/release/code-guardian.
cargo install code-guardianThis will download, compile, and install the binary to your Cargo bin directory (usually ~/.cargo/bin/).
- Minimum Rust Version: 1.70.0 (Rust 2021 edition)
- Supported Platforms: Linux, macOS, Windows
- Memory: 50MB+ recommended for large codebases
Code-Guardian is optimized for speed and efficiency. Here are typical performance metrics:
| Metric | Small Project (1k files) | Medium Project (10k files) | Large Project (100k files) |
|---|---|---|---|
| Scan Duration | ~2.3 seconds | ~18.7 seconds | ~2.6 minutes |
| Memory Usage | ~45MB | ~67MB | ~87MB |
| Throughput | ~434 files/second | ~535 files/second | ~641 files/second |
For detailed performance data and optimization recommendations, see Performance Benchmarks.
code-guardian scan /path/to/your/projectcode-guardian history# Text format (default)
code-guardian report 1
# JSON format
code-guardian report 1 --format json
# HTML format
code-guardian report 1 --format htmlcode-guardian compare 1 2 --format markdownBy default, scans are stored in data/code-guardian.db. You can specify a custom database path:
code-guardian scan /path/to/project --db /custom/path/my-scans.db
code-guardian history --db /custom/path/my-scans.db
code-guardian report 1 --db /custom/path/my-scans.db --format jsonRedirect reports to files for further processing:
# Save HTML report to file
code-guardian report 1 --format html > scan-report.html
# Pipe JSON output to jq for filtering
code-guardian report 1 --format json | jq '.matches[] | select(.pattern == "TODO")'
# Export CSV for spreadsheet analysis
code-guardian report 1 --format csv > scan-results.csvCreate a bash script for regular scanning:
#!/bin/bash
# daily-scan.sh
PROJECT_DIR="/path/to/your/project"
DB_PATH="$HOME/code-guardian-scans.db"
echo "Running daily code scan..."
code-guardian scan "$PROJECT_DIR" --db "$DB_PATH"
SCAN_ID=$(code-guardian history --db "$DB_PATH" | tail -1 | awk '{print $2}' | tr -d ',')
echo "Generating reports..."
code-guardian report "$SCAN_ID" --db "$DB_PATH" --format html > "scan-$(date +%Y%m%d).html"
code-guardian report "$SCAN_ID" --db "$DB_PATH" --format json > "scan-$(date +%Y%m%d).json"
echo "Scan complete. Reports saved."Track progress by comparing scans:
# Compare last two scans
LATEST_ID=$(code-guardian history | tail -1 | awk '{print $2}' | tr -d ',')
PREVIOUS_ID=$(code-guardian history | tail -2 | head -1 | awk '{print $2}' | tr -d ',')
code-guardian compare "$PREVIOUS_ID" "$LATEST_ID" --format markdownThe project includes an enhanced CI/CD pipeline that combines the best features from multiple workflows:
- Enhanced CI/CD Workflow (
enhanced-ci.yml): Combines features fromoptimized-ci.yml,security.yml,performance.yml, andauto-fix.yml - Concurrency Controls: Prevents overlapping runs
- Least Privilege Permissions: Enhanced security
- Auto-fix Capabilities: Automatically fixes formatting and clippy issues
- Comprehensive Testing: Cross-platform testing with incremental builds
- Security Scanning: Cargo audit, deny, and security-focused clippy
- Performance Benchmarking: Build time and binary size optimization
- Coverage Thresholds: Enforces 82%+ test coverage
Example integration for scanning TODOs in CI:
# .github/workflows/enhanced-ci.yml
- name: Scan for TODOs
run: |
./code-guardian scan . --db /tmp/scans.db
SCAN_ID=$(./code-guardian history --db /tmp/scans.db | tail -1 | awk '{print $2}' | tr -d ',')
COUNT=$(./code-guardian report "$SCAN_ID" --db /tmp/scans.db --format json | jq '.matches | length')
if [ "$COUNT" -gt 10 ]; then
echo "Too many TODOs found: $COUNT"
exit 1
fiRun performance benchmarks to assess scanning speed and receive optimization recommendations:
code-guardian benchmark --quickPerform production readiness checks with configurable severity levels:
code-guardian production-check --severity highEfficiently rescan only changed files for faster subsequent scans:
code-guardian scan /path --incrementalDistribute scanning across multiple processes for large codebases:
code-guardian scan /path --distributed- TODO: Tasks that need to be completed
- FIXME: Code that needs to be fixed
- HACK: Temporary workarounds
- BUG: Known bugs
- XXX: Critical issues
- PANIC: Rust panic calls
- UNWRAP: Rust unwrap calls
- UNSAFE: Rust unsafe blocks
- Custom Patterns: Define your own patterns via configuration files
Code-Guardian supports custom pattern detectors for detecting project-specific issues:
# Create example custom detectors
code-guardian custom-detectors create-examples
# Scan with custom detectors
code-guardian scan /path/to/project --custom-detectors custom_detectors.json
# List available custom detectors
code-guardian custom-detectors listCustom detectors can detect security vulnerabilities, code quality issues, and more. See the Custom Detectors Guide for details.
- text: Human-readable console output
- json: Machine-readable JSON format
- csv: Spreadsheet-compatible CSV format
- markdown: Documentation-friendly Markdown tables
- html: Web-friendly HTML tables
The project follows a modular architecture with separate crates:
core: Scanning logic, pattern detection, custom detectors, distributed scanning, incremental scanning, performance optimization, enhanced configurationstorage: SQLite database operations, scan persistence, and migrationsoutput: Multiple output format support (text, json, csv, markdown, html)cli: Command-line interface with handlers for scanning, reporting, comparisons, benchmarks, production usage, advanced features
cargo buildcargo testcargo clippycargo fmt- Full Documentation
- Getting Started Tutorial
- Advanced Usage
- Custom Detectors Guide
- Automation Guide
- API Docs (GitHub Pages)
See CONTRIBUTING.md for detailed contribution guidelines.
Quick checklist:
- Follow the guidelines in
AGENTS.md - Keep modules under 500 lines of code
- Maintain 82%+ test coverage
- Use conventional commit messages
To ensure code quality and security, this repository employs branch protection rules aligned with 2025 best practices. These include requiring 2 approvals for pull requests, signed commits, and passing all status checks (such as CI/CD, linting, and tests).
For detailed setup instructions, refer to BRANCH_PROTECTION_SETUP.md.