Smart vs Deep Scans
CodeStax offers two scan modes to balance speed and thoroughness.
Smart Scan
Best for: Frequent checks, PR reviews, daily monitoring
Quick analysis focusing on the most common vulnerability patterns. Recommended for frequent scanning.
Characteristics
- Speed: Minutes for most repositories
- Focus: Common vulnerability patterns and security issues
- Cost: Counts as 1 scan against your monthly quota
Deep Scan
Best for: Release preparation, compliance audits, main branch scans
Comprehensive analysis with all security engines and AI enrichment. Recommended for pre-release reviews.
Characteristics
- Speed: Longer, thorough analysis depending on repository size (typically 5–20 min)
- Coverage: Full security posture with AI-powered enrichment
- Secrets: Full git-history scan (Gitleaks against every commit). Smart scans check only the current HEAD; deep scans also catch secrets that were committed and later removed (the most common real-world case).
- Cost: Counts as 1 scan against your monthly quota
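The difference between a HEAD-only check and a full-history check can be reproduced with plain git. The script below is an added illustration, not CodeStax's or Gitleaks' own code: it builds a throwaway repository in which a key is committed and then removed, and searches it both ways. The function names, the file name and the single regex are assumptions made for the demo, and the key is AWS's documented example key ID.

```shell
#!/usr/bin/env bash
# Added illustration: HEAD-only vs. full-history secret search with plain git.
# Repo contents are constructed; the key is AWS's documented example key ID.

PATTERN='AKIA[0-9A-Z]{16}'   # shape of an AWS access key ID

# Create a throwaway repo: commit 1 adds a key, commit 2 removes it.
make_demo_repo() {
  local dir
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" &&
    git init -q &&
    git config user.email demo@example.invalid &&
    git config user.name demo &&
    git config commit.gpgsign false &&
    printf 'aws_key = AKIAIOSFODNN7EXAMPLE\n' > config.ini &&
    git add config.ini && git commit -q -m 'add config' &&
    printf 'aws_key = ${AWS_KEY}\n' > config.ini &&
    git commit -q -am 'read key from environment'
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Number of files at HEAD that contain the pattern.
scan_head() {
  { git -C "$1" grep -I -E -l "$PATTERN" HEAD 2>/dev/null || true; } \
    | wc -l | tr -d ' '
}

# Number of distinct commits, across all refs, whose tree contains the pattern.
scan_history() {
  git -C "$1" rev-list --all | while read -r commit; do
    # git grep exits 1 when a commit has no match; that is not an error here.
    git -C "$1" grep -I -E -l "$PATTERN" "$commit" 2>/dev/null || true
  done | cut -d: -f1 | sort -u | wc -l | tr -d ' '
}

repo=$(make_demo_repo) || exit 1
echo "HEAD-only hits:        $(scan_head "$repo")"
echo "Commits with the key:  $(scan_history "$repo")"
rm -rf "$repo"
```

A key found only in history is still exposed to anyone who can clone the repository, so the remediation is to rotate it, not just to delete the line.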
Choosing the Right Scan Type
| Scenario | Recommended |
|---|---|
| Every push to a feature branch | Smart Scan |
| Pull request review | Smart Scan |
| Merge to main/production | Deep Scan |
| Weekly/monthly security audit | Deep Scan |
| Pre-release verification | Deep Scan |
| Quick check during development | Smart Scan |
Default Scan Types
Configure defaults in Settings → General → Scanning Preferences:
- Default Repository Scan Type — Used when clicking “Scan” from the repositories page
- Default PR Scan Type — Used for automated PR reviews
- Default SCA Scan Type — Standard or Enhanced (with AI Enrichment)