The Basics

This document shows the basic concepts of DeepScan service.

DeepScan inspects JavaScript codes in terms of code quality. Like many other code inspection services, DeepScan provides a dashboard, showing the status of the project analyzed, and an explorer, showing all of the repositories and projects you have.

User Menu

When you click on your GitHub avatar at top right corner, you can choose to navigate to the available sections.

  • PROJECTS You can see all the projects you have analyzed.
  • REPOSITORIES You can see all the user repositories in your GitHub. Organization repositories will not be shown.
  • SETTINGS You can delete your account in this account setting.
  • LOG OUT You can log out of the service. Please, do come again.

User Menu

Project Dashboard

Project Dashboard shows you an overview of project quality status.

For detailed information, click here.


If you add your GitHub repository as a project, DeepScan will try to analyze your code and configure your repository with webhooks. The following describe this:

  1. We create a project for the repository.
  2. We configure your repository on GitHub with webhooks. So, we will continuously analyze your repository as commits are pushed.
  3. We try to analyze your repository by fetching the default branch. It can take a few minutes when the repository is large or the service is busy for other requests.

Note: DeepScan supports up to 200 public repositories and 1 private repository by default.

Basically, the following JavaScript and TypeScript files in the project are analyzed.

  • *.js
  • *.jsx
  • *.ts
  • *.tsx
  • *.vue

Exclusion from Analysis

While DeepScan tries to analyze all the JavaScript and TypeScript files, the following are automatically excluded from the analysis:

  • All files under node_modules and bower_components directory.
  • Minified file: *.min.js, *-min.js, *_min.js or when average line length is greater than 200.
  • Automatically generated *.js files from TypeScript files.
  • Files over 30,000 lines.
  • Files over 1.5 MB in size.
  • Lines with length greater than 400.

In the first analysis, it's likely that third-party libraries, test and distribution files are included and the result is somehow distorted.

For excluding files and folders, see this documentation.

Understanding the Analysis Result

We analyze JavaScript code according to the pre-defined rule set. You can see the applied rules by choosing Settings > Rules in the project dashboard.

project rules

You can choose which rules to apply by selecting and de-selecting them.

Note: For now, you need to reanalyze the project for the changed rules to take effect.

For more information about rules, see Rules.

After analyzing by the rules, we calculate project’s overall grade by aggregating the issues detected. A grade represents status on your project measured by issue density—i.e., the number of issues per thousand lines of code.

And you can use this grade as a badge like badge.

Copy markdown or html snippet in the Overview of project dashboard into where you want to add, like README file in the GitHub repository. With this badge, you can check the latest status and navigate to the dashboard when you click.

Organization Repository

In the left of Repositories view, you can see your organizations.

Note: To analyze organization repositories, you need to grant DeepScan third-party access to your organizations. Please check Connection with DeepScan on GitHub.

Organization repositories

Once granted, you can do the following:

  • See your organizations.
  • See the repositories in each organization.
  • Add the project you want to analyze.

In general, only owners of an organization can add webhook for the repository. When a member of an organization adds a project, webhook cannot be added and automatic analysis is not enabled.

For this case, we provide Update button on the right of your project name. You can trigger manual analysis of the latest repository sources.

Update project

GitHub's OAuth Scope

DeepScan is tightly integrated with GitHub.

Using GitHub's OAuth service, DeepScan does the following to analyze your GitHub repositories:

  • Read a user's email address

  • Retrieve all public repositories of a user

  • Add and delete webhooks

The following are the permissions that DeepScan requests:

  • user:email

    Allows DeepScan to read a user's email address to send notifications.

  • repo

    Allows DeepScan to read a user's repositories (including organization repositories) and configure repository with webhooks. Webhooks allow DeepScan to continuously analyze the repository as commits are pushed.

Please refer to GitHub Developer Guide for more information.

Support other than GitHub

While we have a long roadmap to support Bitbucket, DeepScan currently supports only GitHub.

When you use Bitbucket, try the following editor plugins as a workaround:

You can inspect your local file in the editor.

We will improve and also plan to provide Node.js package as a CLI tool to the partners.