Frequently Asked Questions
Usage and Purpose: Not just another code analysis tool
What can CodeScene do for me?
CodeScene is a quality visualization tool for software. Prioritize technical debt, detect delivery risks, and measure organizational aspects. It's fully automated.
CodeScene's paid plans also integrate with Pull Requests to provide real-time feedback on hotspots that decline in code health. Use this feature as a soft quality gate and as code review input.
CodeScene takes a behavioral view of your codebase by adding insights into the people side of your code. This means you can detect coordination bottlenecks, simulate upcoming knowledge loss for off-boarding, and measure how well your organization aligns with Conway's Law. All in one tool.
How does CodeScene compare to traditional code analysis tools?
The main difference between CodeScene and traditional code scanning techniques is that static analysis only works on a snapshot of the codebase. CodeScene considers the temporal dimension and evolution of the whole system. Hence, CodeScene can provide results that focus on the information that is relevant, actionable, and translates directly into business value.
Another significant difference is that CodeScene goes beyond code and analyses the organization and people side of the system. This gives you valuable information that is invisible in the source code itself. As soon as a software project scales beyond a handful of people, organizational factors like knowledge distribution, team coordination, and effective communication lines grow in importance. Using CodeScene, you get direct feedback on these aspects of your codebase and your organization.
My organization is already using tool X/Y/Z -- how does CodeScene fit?
That's good! In fact, many of our users are already using other code analysis tools. Often, these tools complement the information that CodeScene provides. A traditional static analysis tool serves well to catch common coding mistakes or style violations. It's genuinely useful. However, a static analysis will never be able to tell you if some excess code complexity actually matters -- this is where CodeScene’s behavioral code analysis fills an important gap.
We also find that CodeScene's higher-level information, clear priorities, and intuitive visualizations attract a wide range of stakeholders. As such, CodeScene's sweet spot is that we serve the whole engineering organization, not just developers or managers, but both. This enables you to have a conversation around a deeply technical topic like code with your non-technical stakeholders. It's all about communication and shared situational awareness.
Do you support private repositories?
Yes, we do. Check out our plans for details on private GitHub repositories.
We have sensitive data -- what's your take on privacy?
We never share data in private repositories. CodeScene does fetch your repository to perform an analysis and deletes the local copy immediately afterwards. The analysis results are only available to you and the people you choose to invite. You can also delete an analysis project at any time and we make sure all your data is removed.
Our detailed general conditions are available here (PDF).
Can I analyze repositories owned by an organization?
Yes, all plans let you analyze repositories owned by organizations that you are a member of. However, with the free plan you can only analyze public organizational repositories.
Can I analyze codebases that are split across multiple Git repositories?
Yes, CodeScene supports multi-repository analyses.
I've heard about CodeScene's X-Ray analysis. Can I have that one?
CodeScene's X-Ray is an analysis that investigates the evolution of each function or method within a Hotspot. X-Ray is a great tool to prioritize technical debt and lets you refactor large files iteratively guided by data as described here and here.
CodeScene supports X-Ray for Hotspots. Just click on a Hotspot in your Hotspot Map and launch an X-Ray.
How does CodeScene help me measure organizational aspects like Conway's Law?
CodeScene lets you build knowledge maps over your code and measure the potential knowledge loss in your codebase (aka the Bus factor). You can also analyze the development efforts across teams. That team-level measurement lets you inspect how well-aligned your organization and architecture are with respect to Conway's Law. All you have to do is to visit your project's configuration page and define the teams in your organization.
Will you support Bitbucket and GitLab too?
Yes, we already do in CodeScene On-Prem, which you can host in a private cloud or in your own data center.
We are also working on adding support for other Git providers directly in codescene.io. Stay tuned.
Is there any integration with Pull Requests?
Yes, CodeScene integrates with Pull Requests and triggers analyses automatically. This integration uses the GitHub Checks API, which provides a (soft) quality gate for your hotspots. CodeScene also provides detailed information on possible degradations. This lets you act early on any issues before the code is merged. You'll never miss a hotspot again.
Does CodeScene integrate with any Software Life Cycle Tools or Issue Trackers?
Yes, CodeScene integrates with Jira, Trello, and GitHub Issues. This integration lets you visualize and detect defect-dense modules, as well as putting a cost dimension on top of the findings.
CodeScene’s cost analyses let you reason about the technical and organizational findings from a financial perspective. For example, how much time do you spend on defects in your top hotspots? What amount of work is unplanned? And what happens over time?
This CodeScene integration is a paid feature.
Can I use CodeScene even though we host our own Git repositories?
Sure, check out our on-premise version of CodeScene.
CodeScene on-premise comes packaged as a Docker container and can be hosted in a private cloud.
Plans & Pricing
Do I have to pay for CodeScene?
CodeScene will always be free for open source projects.
We also have a set of paid plans so that you can tailor CodeScene to your needs or analyse private repositories. This allows larger organizations to benefit from advanced analyses like CodeScene's cost metrics and delivery performance measures.
Security & Access
Why do you request write access to GitHub repositories?
Because of how the GitHub API works, we are forced to request read and write access for CodeScene in order to read your code (see repo and public_repo scopes). CodeScene will of course never write any data to the Git repository itself.
Can projects be shared across multiple accounts?
Yes, we have two ways to share projects with other CodeScene users.
Organizational accounts are the primary way to share multiple projects with other members of your GitHub organization. When you create a new organizational account you can add/remove organization members in Configuration.
Organization members have access to all projects inside your organization. You can also give a collaborator access to a single project in the "Access Management" section in project configuration using the corresponding email addresses of those accounts. To find the email address, check the "My Account" page of the collaborator.
As a collaborator, you get read access to a project and its analysis results, as well as the ability to run new analyses, and to X-Ray files.
What's your take on security and vulnerabilities?
We work actively to ensure the privacy of your data and information. We also appreciate your help with disclosing security vulnerabilities, and we offer a reward to the first person that reports a vulnerability.
Read more in our Responsible Disclosure Policy.