# Code Analysis

> Analyze code and dependency usage patterns with Vet's code analysis features

<Warning>
  **EXPERIMENTAL**: This feature is experimental and may introduce breaking changes.
</Warning>

`vet` uses the [code](https://github.com/safedep/code/) analysis framework built on [tree-sitter](https://tree-sitter.github.io/tree-sitter/) parsers. The framework supports multiple languages and source repositories (local and remote), and writes findings to a SQLite database that `vet scan` uses to enrich manifest analysis.

## Build a Code Analysis Database

Build a SQLite database from your source code. The database is a prerequisite for code analysis features in `vet scan`.

```bash theme={null}
vet code scan --app /path/to/app \
    --db /tmp/code.db \
    --lang python
```

This command analyzes application code recursively in the specified directory and creates a SQLite database with the findings. Omit `--lang` to scan all supported languages.

### Supported Languages

The code analysis framework supports these languages through tree-sitter parsers:

* Python
* JavaScript/TypeScript
* Java
* Go
* And more...

## Scan with Dependency Usage Analysis

Pass the database to `vet scan` via the `--code` flag. Dependency usage analysis is enabled by default when a code database is provided.

```bash theme={null}
vet scan -D /path/to/code --code /tmp/code.db
```

With a code database, `vet scan` performs these steps:

1. **Manifest Analysis**: scans package manifests in the specified directory
2. **Usage Enrichment**: enriches packages with dependency usage data from the database
3. **Evidence-Based Results**: shows a scan summary with usage evidence and `used-in-code` tags for packages confirmed as used in code

<img src="https://mintcdn.com/safedep/A0tSXvZ_XcagO9QB/images/vet/vet-scan-codedb.png?fit=max&auto=format&n=A0tSXvZ_XcagO9QB&q=85&s=de08db8fb5f57aea1cbd96a74f9488d6" alt="vet scan with code analysis database" width="2056" height="1526" data-path="images/vet/vet-scan-codedb.png" />

## Practical Example

Full workflow for a Python project:

<Steps>
  <Step title="Analyze Code">
    Build the code analysis database for your Python project:

    ```bash theme={null}
    vet code scan --app ./src \
        --db ./analysis/code.db \
        --lang python
    ```
  </Step>

  <Step title="Enhanced Scan">
    Run `vet scan` with the code database:

    ```bash theme={null}
    vet scan -D . \
        --code ./analysis/code.db \
        --report-json results.json
    ```
  </Step>

  <Step title="Review Results">
    Check the scan results for:

    * Dependencies actually used in code vs. declared
    * Unused dependencies that could be removed
    * Usage patterns and import analysis
  </Step>
</Steps>

## Advanced Usage

### Multi-language Projects

For projects with multiple languages, omit the `--lang` flag:

```bash theme={null}
vet code scan --app ./src --db ./analysis/polyglot.db
```

### Custom Database Locations

Organize databases by project or environment:

```bash theme={null}
# Development environment
vet code scan --app ./src --db ./analysis/dev-code.db

# Production analysis
vet code scan --app ./dist --db ./analysis/prod-code.db
```

### Integration with CI/CD

```yaml theme={null}
# GitHub Actions example
- name: Build Code Analysis DB
  run: vet code scan --app ./src --db ./code-analysis.db

- name: Enhanced Security Scan
  run: vet scan -D . --code ./code-analysis.db --report-sarif security.sarif
```
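
The database is a prerequisite for the enriched scan, so a pipeline can check it before `vet scan --code` reads it. The following is an added example, not part of the vet project or its documentation: it confirms the file carries the SQLite header and is not older than the sources it describes. The function names are hypothetical and deleting the old file before a rebuild is an assumption; the `vet` flags are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added example: guard the code database before `vet scan --code` consumes it.
# Function names are hypothetical; vet flags are the ones shown on this page.

# True if the file is non-empty and starts with the SQLite 3 header magic
# ("SQLite format 3" followed by a NUL byte; only the 15 text bytes are compared).
is_sqlite_db() {
    [ -s "$1" ] && [ "$(head -c 15 "$1" 2>/dev/null)" = "SQLite format 3" ]
}

# True if any file under APP_DIR was modified after the database was written.
is_stale() {   # usage: is_stale APP_DIR DB
    [ -n "$(find "$1" -type f -newer "$2" 2>/dev/null | head -n 1)" ]
}

# Returns 0 when the database is usable, 1 when it is missing or not SQLite,
# 2 when the sources changed after it was built.
codedb_ready() {   # usage: codedb_ready APP_DIR DB
    is_sqlite_db "$2" || { echo "code db missing or not SQLite: $2" >&2; return 1; }
    if is_stale "$1" "$2"; then
        echo "code db is older than sources in $1" >&2
        return 2
    fi
    return 0
}

# Rebuild the database when it is not usable, then run the enriched scan.
scan_with_usage() {   # usage: scan_with_usage APP_DIR DB
    if ! codedb_ready "$1" "$2"; then
        rm -f "$2"   # assumption: a rebuild should start from a clean file
        vet code scan --app "$1" --db "$2" || return 1
        is_sqlite_db "$2" || return 1
    fi
    vet scan -D . --code "$2" --report-json results.json
}
```

In a workflow step, source the file and call `scan_with_usage ./src ./code-analysis.db` in place of the two separate `run:` commands.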

## Limitations

<AccordionGroup>
  <Accordion title="Experimental Status">
    This feature is experimental and may have breaking changes. Test before using in production.
  </Accordion>

  <Accordion title="Performance Impact">
    Code analysis adds processing time to scans. Weigh the accuracy benefit against the speed cost for your use case.
  </Accordion>

  <Accordion title="Storage Requirements">
    Code analysis databases can grow large for extensive codebases. Monitor disk usage and remove old databases periodically.
  </Accordion>
</AccordionGroup>

<CardGroup cols={2}>
  <Card title="Code Framework" icon="github" href="https://github.com/safedep/code/">
    Learn more about the underlying code analysis framework
  </Card>

  <Card title="Tree-sitter" icon="tree" href="https://tree-sitter.github.io/tree-sitter/">
    Understand the parsing technology behind code analysis
  </Card>

  <Card title="Dependency Usage Guide" icon="search" href="/governance/vet/dependency-usage">
    See how to identify dependency usage in your code
  </Card>

  <Card title="Vet GitHub Repository" icon="book" href="https://github.com/safedep/vet">
    Access the main Vet documentation and examples
  </Card>
</CardGroup>
