Analyze code and dependency usage patterns with vet’s code analysis features
EXPERIMENTAL: This feature is experimental and may introduce breaking changes.
vet uses a code analysis framework built on top of tree-sitter parsers. The goal of this framework is to support multiple languages and source repositories (local and remote) and to report the findings.
vet uses these findings to build a code analysis database, which can then be used to enrich and analyze manifests during scanning.
Analyze code and build a SQLite database for further analysis. This is a prerequisite for enabling code analysis features in vet scan.
Uses the code analysis framework to analyze application code recursively in the specified directory
Supports multiple languages; omit --lang to analyze all supported languages
Creates a SQLite database with the reported findings for later use
Uses tree-sitter parsers for accurate code parsing and analysis
The code analysis framework supports multiple programming languages through tree-sitter parsers. Omit the --lang parameter to analyze all supported languages automatically.
To enable code analysis features in vet scan, provide the path to the code analysis database with the --code flag.
Dependency usage analysis is a fundamental feature that’s enabled by default when using a code database.
When using code analysis, vet scan provides:
used-in-code tags indicating that a library is actually referenced by the analyzed code, rather than merely declared in a manifest
Here's a complete workflow for analyzing a Python project:
Analyze Code
Build the code analysis database for your Python project. Pass --lang to restrict analysis to Python, or omit it to analyze every supported language.
Enhanced Scan
Run vet scan with the database path supplied via the --code flag so that dependency usage analysis is enabled.
Review Results
Review the scan results and look for dependencies carrying the used-in-code tag; a dependency without the tag was declared but not found in use by the analyzed code.
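The workflow above as an added shell script. This is example code, not part of the vet documentation or the vet project. It assumes the database is built by "vet code scan --app <dir> --db <file>" and consumed by "vet scan -D <dir> --code <file>"; only --lang and --code are named on this page, so treat the subcommand name and the --app, --db and -D spellings as assumptions to confirm against the tool's --help output. Because the page says the database is SQLite, the script checks the file's SQLite header between the two steps instead of discovering a missing or empty database only when the scan silently produces no used-in-code tags.

```shell
#!/bin/sh
# Added example: end-to-end code analysis workflow for vet.
# Not part of the vet docs. Assumed CLI shape (confirm with --help):
#   vet code scan --app <dir> --db <file> [--lang <lang>]   builds the SQLite db
#   vet scan -D <dir> --code <file>                         consumes it
# Only --lang and --code are documented on this page.
set -eu

# A SQLite 3 file begins with the 16-byte header "SQLite format 3\0".
# Compare the first 15 bytes (the 16th is NUL and cannot be held in a
# shell string) to confirm the analysis step really wrote a database.
is_sqlite_db() {
  [ -s "$1" ] || return 1
  [ "$(head -c 15 "$1")" = "SQLite format 3" ]
}

# Build the database for one application directory.
# $1 app source dir, $2 output db path, $3 optional language.
# Omit $3 to analyze every supported language (multi-language projects).
build_code_db() {
  app=$1; db=$2; lang=${3:-}
  if [ -n "$lang" ]; then
    vet code scan --app "$app" --db "$db" --lang "$lang"
  else
    vet code scan --app "$app" --db "$db"
  fi
  if ! is_sqlite_db "$db"; then
    echo "code analysis did not produce a SQLite database at $db" >&2
    return 1
  fi
}

# Run the enriched scan. Refuse to start if the database is missing or
# not SQLite, so a broken analysis step cannot quietly yield a scan in
# which no dependency carries the used-in-code tag.
scan_with_code_db() {
  app=$1; db=$2
  if ! is_sqlite_db "$db"; then
    echo "refusing to scan: $db is not a SQLite code analysis database" >&2
    return 1
  fi
  vet scan -D "$app" --code "$db"
}

# Usage: VET_APP_DIR=./myproject sh workflow.sh [python]
# The run is gated on vet being installed and VET_APP_DIR being set, so the
# functions above can be sourced and checked on a machine without the tool.
if command -v vet >/dev/null 2>&1 && [ -n "${VET_APP_DIR:-}" ]; then
  db=${VET_CODE_DB:-/tmp/code.db}
  build_code_db "$VET_APP_DIR" "$db" "${1:-}"
  scan_with_code_db "$VET_APP_DIR" "$db"
fi
```

VET_APP_DIR, VET_CODE_DB and the /tmp/code.db default are conventions of this example only. The header check is deliberately cheap: it catches the common failure modes (no file, empty file, a log or error message written to the database path) without depending on the database schema, which this page does not describe.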
By identifying which dependencies are actually used in your code, you can:
Code analysis helps identify:
Enhanced visibility into:
For projects with multiple languages, run the analysis without the --lang flag so that every supported language is analyzed into the same database.
Organize analysis databases by project or environment, for example one database file per project and deployment target, so that a scan never reads a stale database or one built from a different codebase.
Experimental Status
This feature is experimental and may have breaking changes. Test thoroughly before using in production environments.
Performance Impact
Code analysis adds processing time to scans. Consider the trade-off between accuracy and speed for your use case.
Storage Requirements
Code analysis databases can become large for extensive codebases. Monitor disk usage and clean up old databases regularly.
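An added shell example, not from the vet docs or project, covering the two operational points above: keeping one database per project and environment, and pruning old databases so disk usage stays bounded. The layout <root>/<project>/<environment>/code-<UTC timestamp>.db and the retention count are conventions chosen for this example, not anything vet prescribes; the timestamp is fixed-width so that plain lexical order is chronological and pruning does not depend on file modification times, which a copy or restore can reset.

```shell
#!/bin/sh
# Added example (not from the vet docs): organize code analysis databases
# by project and environment, and prune old ones.
# Layout (an assumption for this example, not a vet convention):
#   <root>/<project>/<environment>/code-<YYYYmmdd-HHMMSS>.db
set -eu

# Print the path for a new database. $4 (UTC timestamp) is optional and
# exists so callers and tests can pin a value.
code_db_path() {
  root=$1; project=$2; environment=$3
  stamp=${4:-$(date -u +%Y%m%d-%H%M%S)}
  printf '%s/%s/%s/code-%s.db\n' "$root" "$project" "$environment" "$stamp"
}

# Print the newest database in a project/environment directory, or nothing
# if there is none. Fixed-width timestamps make sort order chronological.
latest_code_db() {
  ls -1 "$1"/code-*.db 2>/dev/null | sort | tail -n 1
}

# Delete all but the newest $2 databases under $1.
prune_code_dbs() {
  dir=$1; keep=$2
  ls -1 "$dir"/code-*.db 2>/dev/null | sort -r | tail -n +$((keep + 1)) \
    | while IFS= read -r old; do
        rm -f -- "$old"
      done
}

# Typical use: compute a fresh timestamped path for the next analysis run,
# then keep only the last three databases for that project/environment.
# VET_CODE_DB_ROOT and the project/environment names are example values.
if [ -n "${VET_CODE_DB_ROOT:-}" ]; then
  db=$(code_db_path "$VET_CODE_DB_ROOT" myproject staging)
  mkdir -p "$(dirname "$db")"
  printf 'next database: %s\n' "$db"
  printf 'most recent existing database: %s\n' "$(latest_code_db "$(dirname "$db")")"
  prune_code_dbs "$(dirname "$db")" 3
fi
```

Pass the path printed by code_db_path to the analysis step, and the path printed by latest_code_db to vet scan --code, so the scan for a given project and environment always reads the most recent database built for that pair and never one built for another project.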
Learn more about the underlying code analysis framework
Understand the parsing technology behind code analysis
See how to identify dependency usage in your code
Access the main vet documentation and examples