Welcome to CodeStax
CodeStax is an AI-powered code security platform that helps development teams find and fix vulnerabilities before they reach production.
How CodeStax Works
What CodeStax Does
CodeStax combines multiple security scanning engines with AI-powered analysis to provide comprehensive code security coverage:
Key Features
| Feature | Description |
|---|---|
| Smart & Deep Scans | Choose between fast scans for frequent checks or thorough scans for release preparation |
| AI Remediation | Get AI-generated fix suggestions with code examples for every vulnerability |
| CVSS/EPSS Scoring | Industry-standard vulnerability scoring with real-time exploit prediction |
| Vulnerability Correlation | Automatic deduplication of findings detected by multiple scanners |
| Multi-Provider Support | Works with GitHub and Bitbucket repositories |
| PDF Reports | Generate compliance-ready reports (SOC 2, ISO 27001) |
| Team Management | Role-based access control with organization workspaces |
| CI/CD Integration | API keys and webhooks for automated security in your pipeline |
Supported Scanners
| Scanner | Type | What It Finds |
|---|---|---|
| SAST Engine | SAST | OWASP Top 10, CWE vulnerabilities across 30+ languages |
| SCA Engine | SCA | Known CVEs in dependencies across 9 ecosystems |
| Secrets Engine | Secrets | API keys, passwords, tokens, private keys |
| IaC Engine | IaC | Misconfigurations in Terraform, K8s, CloudFormation |
| Container Engine | Container | Dockerfile best-practice violations and security issues |
| Code Quality Engine | Linting | Code quality, security patterns, and static analysis |
Quick Start
Get started in under 5 minutes:
Need Help?
- Browse this documentation for detailed guides
- Check the FAQ for common questions
- Contact support at support@codestax.co