Skip to main content

Overview

KafkaCode supports 7 major programming languages commonly used in modern application development. The scanner automatically detects file types and applies appropriate analysis techniques.

Supported Languages

Python

.py filesFull support for Python 2 and 3

JavaScript

.js filesES5, ES6+, Node.js, Browser JS

TypeScript

.ts filesAll TypeScript versions

Java

.java filesJava 8 through Java 21

Go

.go filesAll Go versions

Ruby

.rb filesRuby 2.x and 3.x

PHP

.php filesPHP 7.x and 8.x

Language-Specific Features

Python

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in Python:
# ❌ Secrets detection
AWS_ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE"
db_password = "mypassword123"

# ❌ PII detection
user_email = "[email protected]"
phone = "+1-555-123-4567"

# ❌ Sensitive assignments
SECRET_KEY = "django-insecure-key"
API_KEY = "sk_live_abc123..."

JavaScript / TypeScript

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in JS/TS:
// ❌ Hardcoded secrets
const apiKey = 'sk_live_abc123...';
const dbUrl = 'mongodb://user:pass@localhost';

// ❌ PII in code
const adminEmail = '[email protected]';
const userPhone = '+1-555-0123';

// ❌ Exposed tokens
const githubToken = 'ghp_abc123...';

Java

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in Java:
// ❌ Hardcoded credentials
String apiKey = "AKIAIOSFODNN7EXAMPLE";
String password = "mypassword123";

// ❌ Connection strings
String dbUrl = "jdbc:postgresql://localhost/db?user=admin&password=pass";

// ❌ PII in constants
private static final String ADMIN_EMAIL = "[email protected]";

Go

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in Go:
// ❌ Hardcoded secrets
const apiKey = "sk_live_abc123..."
var dbPassword = "mypassword"

// ❌ Connection strings
dsn := "user:password@tcp(localhost:3306)/db"

// ❌ API tokens
token := "ghp_abc123..."

Ruby

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in Ruby:
# ❌ Hardcoded credentials
api_key = "sk_live_abc123..."
db_password = "mypassword"

# ❌ PII in code
admin_email = "[email protected]"

# ❌ Secret tokens
secret_token = "abc123..."

PHP

  • Detection
  • Best Practices
  • Frameworks
What KafkaCode detects in PHP:
// ❌ Hardcoded secrets
$apiKey = "sk_live_abc123...";
$dbPassword = "mypassword";

// ❌ Connection strings
$dsn = "mysql:host=localhost;dbname=db;user=admin;password=pass";

// ❌ PII exposure
define('ADMIN_EMAIL', '[email protected]');

File Type Recognition

KafkaCode automatically recognizes files by extension:
ExtensionLanguageSupported
.pyPython✅ Yes
.jsJavaScript✅ Yes
.tsTypeScript✅ Yes
.jsxJavaScript (React)✅ Yes
.tsxTypeScript (React)✅ Yes
.javaJava✅ Yes
.goGo✅ Yes
.rbRuby✅ Yes
.phpPHP✅ Yes
.cC❌ Not yet
.cppC++❌ Not yet
.csC#❌ Not yet
.swiftSwift❌ Not yet
.ktKotlin❌ Not yet
.rsRust❌ Not yet
More languages are coming soon! Check our roadmap for upcoming support.

Ignored Files & Directories

KafkaCode automatically skips:

Built-in Ignores

Version Control

  • .git/
  • .svn/
  • .hg/

Dependencies

  • node_modules/
  • vendor/
  • bower_components/

Python

  • venv/
  • .venv/
  • __pycache__/
  • .pytest_cache/
  • *.pyc

Build Outputs

  • build/
  • dist/
  • target/
  • out/
  • .next/

Gitignore Support

KafkaCode automatically respects your .gitignore: 
# .gitignore
*.env
secrets/
config/local.js
*.key
*.pem
All files matching these patterns are automatically excluded from scanning.

Multi-Language Projects

KafkaCode handles polyglot repositories seamlessly: 
project/
├── backend/          # Python + Go
   ├── api.py
   └── server.go
├── frontend/         # TypeScript + React
   ├── App.tsx
   └── utils.ts
├── mobile/          # Java (Android)
   └── MainActivity.java
└── scripts/         # Ruby + PHP
    ├── deploy.rb
    └── migrate.php
All files are scanned with appropriate language-specific rules.

Language-Specific Patterns

Each language has custom detection patterns:
  • Django SECRET_KEY detection
  • Flask app.secret_key patterns
  • SQLAlchemy connection strings
  • Environment variable misuse
  • process.env misuse detection
  • JWT secret patterns
  • API key in fetch/axios calls
  • LocalStorage/Cookie PII
  • JDBC connection string patterns
  • Spring @Value misuse
  • Properties file secrets
  • Hibernate credentials
  • Connection DSN patterns
  • Const secret detection
  • Environment variable handling
  • Config struct analysis

Coming Soon

C / C++

Support planned for Q2 2025

C# / .NET

Support planned for Q2 2025

Rust

Support planned for Q3 2025

Kotlin

Support planned for Q3 2025

Swift

Support planned for Q4 2025

Scala

Support planned for Q4 2025
Want a specific language? Request it on GitHub or contribute a PR!

Next Steps

Detection Methods

Learn what KafkaCode detects

Basic Scanning

Start scanning your code

Custom Patterns

Add language-specific rules

Examples

See real-world examples