File Discovery & Indexing
How CodeDD discovers, categorizes, and prepares files for analysis
File Discovery & Indexing
After your repository is connected, CodeDD scans the full tree, calculates metrics, and prepares files for analysis. Everything in the audit cache is encrypted at rest.
What gets scanned
- Source code (100+ languages)
- Configuration (Docker, Kubernetes, CI/CD, env files)
- Infrastructure-as-Code (Terraform, CloudFormation)
- Documentation and database schemas
What gets excluded
- Binary files and build outputs (
dist,build,target) - Version control (
.git) - Dependencies (
node_modules,vendor,venv) - Symlinked directories (to avoid duplicate counts)
File categorization
Files are automatically typed as source code, configuration, infrastructure, security-related, or documentation. This drives scope defaults and architecture detection.
Metrics collected
For each file:
- Lines of code — non-empty code lines, excluding comments and whitespace
- Documentation lines — comments, docstrings, README content
- Git metadata — last modified, contributors, commit frequency, churn
Folder-level aggregates roll up LOC, file counts, and language breakdowns for dashboard views.
Audit scope
After discovery, files are marked for deep analysis. You can review and adjust scope in the UI before the audit runs — include or exclude paths, or accept auto-selection defaults that prioritize source and security-relevant files.
Not every indexed file receives LLM analysis. Scope focuses effort on files that matter for due diligence.
Encryption
As files are indexed, content is encrypted in the audit cache using Fernet (AES-128-CBC + HMAC). Plaintext exists only transiently in memory during later analysis stages.
Progress tracking
During import, the UI shows files processed, percentage complete, and processing speed so you can monitor large repositories.
Error handling
Individual file failures (permissions, encoding) are logged and skipped — they do not stop the audit. Large files are handled via streaming.
What happens next
Scoped, encrypted files proceed to LLM file analysis, dependency scanning, architecture mapping, and consolidation.

