Basic Usage
The most common way to use KafkaCode is with the scan command:
kafkacode scan <directory>
Scanning Your Project
Current Directory
Specific Directory
With npx
Scan the current directory and all subdirectories:
Understanding the Output
Scan Summary
Every scan starts with a summary section:
🎯 PRIVACY SCAN REPORT
═══════════════════════════════════════════════════════════
📊 SCAN SUMMARY
📁 Directory: ./src
⏰ Timestamp: 2025-01-15 10:30:45
📄 Files Scanned: 25
🔍 Total Issues: 3
🏆 Privacy Grade: 🟡 B-
═══════════════════════════════════════════════════════════
Key Metrics:
Directory: Path that was scanned
Timestamp: When the scan was performed
Files Scanned: Number of source files analyzed
Total Issues: Count of all findings
Privacy Grade: Overall grade (A+ to F)
Issue Listings
Issues are grouped by severity:
🔴 CRITICAL (1)
────────────────────────────────────────────────────────────
📄 src/config.js:12
AWS Access Key detected
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
💡 Recommendation: Move to environment variables
🟠 HIGH (1)
────────────────────────────────────────────────────────────
📄 src/auth.js:23
API key found in code
const apiKey = "sk_live_abc123..."
💡 Recommendation: Use configuration management
🟡 MEDIUM (2)
────────────────────────────────────────────────────────────
📄 src/utils/validator.js:45
Email address found in code
const adminEmail = "[email protected] "
💡 Recommendation: Use configuration file
📄 src/database/connection.js:8
Potential database connection string
const dbUrl = "mongodb://localhost:27017/mydb"
💡 Recommendation: Use environment variables
🔵 LOW (3)
────────────────────────────────────────────────────────────
📄 src/config.js:5
IP address detected
const serverIP = "192.168.1.100"
💡 Recommendation: Use DNS names when possible
Each finding includes:
File path: Location of the issue
Line number: Exact line where issue was found
Description: What was detected
Code snippet: The problematic code
Recommendation: How to fix it
Verbose Mode
Get detailed progress information during scanning:
kafkacode scan ./src --verbose
Verbose output shows:
🚀 Starting KafkaCode privacy scan...
📁 Discovering source code files...
Found 25 files to analyze
🔍 Performing privacy analysis...
Analyzing: src/config.js
Analyzing: src/auth.js
Analyzing: src/utils/validator.js
Analyzing: src/database/connection.js
...
✅ Analysis complete
Verbose mode is helpful for:
Understanding what KafkaCode is doing
Debugging issues
Monitoring progress on large codebases
Exit Codes
KafkaCode uses exit codes to indicate results:
Exit Code    Meaning
0            ✅ No issues found
1            ⚠️ Issues found or scan error
Use in scripts:
# Exit if issues found
kafkacode scan ./src || exit 1
# Or with custom handling
if kafkacode scan ./src; then
    echo "✅ No privacy issues detected"
else
    echo "⚠️ Privacy issues found, see report above"
    exit 1
fi
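Exit code 1 covers both "issues found" and "scan error", and any finding at any severity produces it. The following added example (not part of KafkaCode or its documentation) parses the report text instead, so a script can block only on CRITICAL or HIGH findings and tell a failed scan apart from a clean one. The function names are hypothetical, and it assumes the report is written to stdout in the layout shown above.

```shell
#!/bin/sh
# Added example (not KafkaCode code). Assumes the report is printed to stdout
# in the layout shown on this page. Usage: kafkacode scan ./src | gate_report

# severity_count LEVEL: read a report on stdin and print N from the
# "LEVEL (N)" section header, or 0 when that section is absent.
severity_count() {
    n=$(sed -n "s/.*$1 (\([0-9][0-9]*\)).*/\1/p" | head -n 1)
    echo "${n:-0}"
}

# gate_report: read a report on stdin.
#   0 = summary present, nothing at CRITICAL or HIGH
#   1 = CRITICAL or HIGH findings present
#   2 = no scan summary at all (scan error, not a clean result)
gate_report() {
    report=$(cat)
    printf '%s\n' "$report" | grep 'SCAN SUMMARY' >/dev/null || return 2
    crit=$(printf '%s\n' "$report" | severity_count CRITICAL)
    high=$(printf '%s\n' "$report" | severity_count HIGH)
    if [ "$crit" -gt 0 ] || [ "$high" -gt 0 ]; then
        echo "blocking findings: $crit critical, $high high" >&2
        return 1
    fi
    return 0
}

# Constructed sample input, assembled from the report excerpts on this page.
sample_report() {
    cat <<'EOF'
📊 SCAN SUMMARY
📄 Files Scanned: 25
🔍 Total Issues: 5
🏆 Privacy Grade: 🟡 B-
🔴 CRITICAL (1)
📄 src/config.js:12
AWS Access Key detected
🟠 HIGH (1)
📄 src/auth.js:23
API key found in code
🔵 LOW (3)
📄 src/config.js:5
IP address detected
EOF
}
```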
Common Scenarios
Scenario 1: Quick Project Check
# Navigate to project
cd ~/projects/my-app
# Quick scan
kafkacode scan .
Scenario 2: Scan Before Commit
# Scan each directory that contains staged changes (one directory per invocation)
git diff --name-only --cached | xargs -I {} dirname {} | sort -u | xargs -n 1 kafkacode scan
# Or scan entire src directory
kafkacode scan ./src
Scenario 3: Focus on Specific Directory
# Scan only backend code
kafkacode scan ./backend
# Scan only specific module
kafkacode scan ./src/auth
Scenario 4: Multiple Directory Scan
# Scan multiple directories (requires loop)
for dir in frontend backend mobile; do
    echo "Scanning $dir..."
    kafkacode scan "./$dir"
done
What Files Are Scanned?
Included Files
KafkaCode automatically scans these file types:
Excluded Files & Directories
Automatically skipped:
Version Control:
Dependencies:
node_modules/
vendor/
bower_components/
Python Virtual Environments:
venv/
.venv/
env/
__pycache__/
.pytest_cache/
.mypy_cache/
Build Outputs:
build/
dist/
target/
out/
.next/
.nuxt/
Test Coverage:
Plus any files/directories in your .gitignore
Gitignore Support
KafkaCode automatically respects your .gitignore file:
# .gitignore
*.env
*.key
*.pem
secrets/
config/local.*
credentials.json
All matching files will be excluded from scanning.
Pro Tip: If you want KafkaCode to skip certain files, add them to your .gitignore. This is especially useful for test fixtures or mock data.
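Because matching files are excluded from scanning, a file that was committed before its ignore rule existed stays in the repository but is never scanned. The following added example (not part of KafkaCode) lists such tracked-but-ignored files with git and copies them to a separate directory so they can be scanned there. The function names are hypothetical, and it assumes a copy outside the repository is not affected by the repository's .gitignore.

```shell
#!/bin/sh
# Added example (not KafkaCode code): find files that git still tracks even
# though an ignore rule matches them. Per this page, KafkaCode skips anything
# matching .gitignore, so these files are in the repository but unscanned.

# tracked_but_ignored [REPO_DIR]: print one path per line.
tracked_but_ignored() {
    git -C "${1:-.}" ls-files --cached --ignored --exclude-standard
}

# audit_scan_blind_spots [REPO_DIR]
#   0 = no tracked file is hidden by an ignore rule
#   1 = at least one is (paths are listed on stderr)
#   2 = git failed (for example, not a repository)
audit_scan_blind_spots() {
    hidden=$(tracked_but_ignored "$1") || return 2
    [ -z "$hidden" ] && return 0
    echo "Tracked files excluded by .gitignore (not scanned):" >&2
    printf '%s\n' "$hidden" >&2
    return 1
}

# export_blind_spots REPO_DIR OUT_DIR: copy those files, keeping their
# relative paths, into OUT_DIR so that `kafkacode scan OUT_DIR` covers them.
# Assumption: OUT_DIR lies outside the repository and has no .gitignore.
export_blind_spots() {
    out=$2
    tracked_but_ignored "$1" | while IFS= read -r f; do
        mkdir -p "$out/$(dirname "$f")" && cp "${1:-.}/$f" "$out/$f"
    done
}
```

If the audit reports a file that should not be in the repository at all, `git rm --cached <file>` removes it from the index while leaving the working copy in place.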
Scan Specific Directories
Instead of scanning the entire project, target specific directories:
# Instead of this:
kafkacode scan .
# Do this:
kafkacode scan ./src ./lib
Use .gitignore Effectively
Add large directories to .gitignore:
# Exclude test fixtures
tests/fixtures/
# Exclude generated files
generated/
# Exclude third-party code
third_party/
Use time to measure performance:
time kafkacode scan ./src
Typical performance:
Small project (< 100 files): 2-5 seconds
Medium project (100-1000 files): 10-30 seconds
Large project (> 1000 files): 30-120 seconds
Interpreting Results
No Issues Found
📊 SCAN SUMMARY
📄 Files Scanned: 25
🔍 Total Issues: 0
🏆 Privacy Grade: 🟢 A+
✅ No privacy issues detected!
Action: Great! Your code is clean. Continue following best practices.
Minor Issues Found
📊 SCAN SUMMARY
📄 Files Scanned: 25
🔍 Total Issues: 3
🏆 Privacy Grade: 🟢 A-
🔵 LOW (3)
📄 src/config.js:5
IP address detected
Action: Review and address minor issues when convenient.
Critical Issues Found
📊 SCAN SUMMARY
📄 Files Scanned: 25
🔍 Total Issues: 5
🏆 Privacy Grade: 🔴 D
🔴 CRITICAL (2)
📄 src/config.js:12
AWS Access Key detected
📄 src/stripe.js:8
Stripe Secret Key detected
Action: Fix critical issues immediately before deploying!
Next Steps
Important: KafkaCode is a static analysis tool. It may produce false positives or miss certain issues. Always review findings in context and use it as part of a comprehensive security strategy.