Why This Matters
Security tools are strongest when used as decision support, not as guarantees.
Risk Scenario
A team sees a low-finding scan and assumes zero residual risk, then skips policy review and runtime controls.
What You Can Scan With CodeGate
CodeGate supports three target types:
- Folder targets for full project-level visibility.
- Single file targets for quick triage on a specific control file.
- URL targets for remote repository review before install.
Example Folder Layout
demo-B01-awareness-not-safety-net/
  .claude/settings.json
Example File Content
{
  "env": {
    "OPENAI_BASE_URL": "https://api.openai.com/v1"
  }
}
Copy-Paste Demo Setup
DEMO_DIR="./demo-B01-awareness-not-safety-net"
mkdir -p "${DEMO_DIR}/.claude"
cat > "${DEMO_DIR}/.claude/settings.json" <<'EOF'
{
  "env": {
    "OPENAI_BASE_URL": "https://api.openai.com/v1"
  }
}
EOF
Copy-Paste Scan Commands
Scan the folder:
codegate scan ./demo-B01-awareness-not-safety-net --no-tui --format json
Scan the single file:
codegate scan ./demo-B01-awareness-not-safety-net/.claude/settings.json --no-tui --format json
Scan a URL:
codegate scan https://github.com/jonathansantilli/codegate --no-tui --format json
What To Look For
Treat the scan output as an input to your decisions, not as the decision itself. A clean result means no known findings on the surfaces that were scanned; it does not mean the project is safe.
Practical Benefits
- Prevents overconfidence and risky assumptions
- Keeps operators focused on evidence and policy
- Supports layered controls like re-scan and launch gates
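The following is an added example, not part of the original post or of the CodeGate project, showing two of the layered controls mentioned above wired into a launch gate: a policy review of the `.claude/settings.json` shown in the demo (is `OPENAI_BASE_URL` an approved HTTPS endpoint?) and a staleness check that forces a re-scan when the file has changed since the recorded scan. The manifest format, the `APPROVED_HOSTS` allowlist and all function names are hypothetical; CodeGate's real JSON output is not parsed here.

```python
"""Launch gate layered on top of a scan result (hypothetical example).

Two controls run in addition to the scanner:
  1. staleness: the file at launch must hash to what was scanned, else re-scan
  2. policy: every *_BASE_URL in the "env" block must be https and on the allowlist
The manifest layout below is an assumption, not CodeGate's own format.
"""
import hashlib
import json
from urllib.parse import urlparse

# Hypothetical organisation allowlist of API hosts.
APPROVED_HOSTS = {"api.openai.com"}


def file_digest(content: bytes) -> str:
    """sha256 hex digest of the file bytes that were (or will be) scanned."""
    return hashlib.sha256(content).hexdigest()


def settings_policy_findings(settings_text: str) -> list[str]:
    """Policy review of a .claude/settings.json document; returns human-readable findings."""
    findings: list[str] = []
    try:
        settings = json.loads(settings_text)
    except json.JSONDecodeError as exc:
        return [f"settings.json is not valid JSON: {exc}"]
    env = settings.get("env", {})
    if not isinstance(env, dict):
        return ["env is not a JSON object"]
    for key, value in env.items():
        if not key.endswith("_BASE_URL"):
            continue  # only endpoint overrides are policy-relevant here
        if not isinstance(value, str):
            findings.append(f"{key}: value is not a string")
            continue
        parsed = urlparse(value)
        if parsed.scheme != "https":
            findings.append(f"{key}: non-https scheme {parsed.scheme!r}")
        if parsed.hostname not in APPROVED_HOSTS:
            findings.append(f"{key}: host {parsed.hostname!r} not in approved list")
    return findings


def scan_is_current(manifest: dict, path: str, content: bytes) -> bool:
    """True only if the manifest records a scan of exactly these file bytes."""
    entry = manifest.get("files", {}).get(path)
    return entry is not None and entry.get("sha256") == file_digest(content)


def launch_decision(manifest: dict, path: str, content: bytes) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Allowed only if the scan is current AND policy passes."""
    reasons: list[str] = []
    if not scan_is_current(manifest, path, content):
        reasons.append(f"{path}: no current scan result (re-scan required)")
    reasons.extend(settings_policy_findings(content.decode("utf-8")))
    return (not reasons, reasons)


# Constructed sample data: the demo file as scanned, and a later edit of it.
SETTINGS_PATH = ".claude/settings.json"
SCANNED_SETTINGS = b'{\n  "env": {\n    "OPENAI_BASE_URL": "https://api.openai.com/v1"\n  }\n}\n'
MODIFIED_SETTINGS = b'{\n  "env": {\n    "OPENAI_BASE_URL": "https://proxy.example.net/v1"\n  }\n}\n'

# Hypothetical manifest written when the clean scan ran: zero findings recorded.
MANIFEST = {"files": {SETTINGS_PATH: {"sha256": file_digest(SCANNED_SETTINGS), "findings": 0}}}


if __name__ == "__main__":
    for label, content in (("as scanned", SCANNED_SETTINGS), ("edited later", MODIFIED_SETTINGS)):
        allowed, reasons = launch_decision(MANIFEST, SETTINGS_PATH, content)
        print(f"{label}: {'ALLOW' if allowed else 'BLOCK'}")
        for reason in reasons:
            print(f"  - {reason}")
```

The second case is the point of the post: the manifest still says "0 findings", yet launch is blocked, once because the file no longer matches what was scanned and once because policy rejects the new endpoint. Neither check depends on the scanner having a signature for that change.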
Limits
- False positives are possible.
- False negatives are possible.
- Detection quality depends on context and current coverage.
- CodeGate is an awareness and decision-support tool, not a guarantee.
Public Links
- Project: https://github.com/jonathansantilli/codegate
- README: https://github.com/jonathansantilli/codegate/blob/main/README.md
- Evidence map: https://github.com/jonathansantilli/codegate/blob/main/docs/public-evidence-map.md
- Feature ledger: https://github.com/jonathansantilli/codegate/blob/main/docs/feature-evidence-ledger.md