CodeVista analyzes your codebase and generates a stunning single-page HTML report — health scores, security scans, architecture detection, code smells, decay tracking, and more. All in pure Python.
The Problem
Every developer has stared at a codebase and thought: "I wish I could see the big picture." How healthy is this code? Where are the security holes? What's the architecture? Which files are decaying?
Existing tools are either:
- Heavy (require Node.js, servers, or databases)
- Expensive (SonarQube, CodeClimate)
- Limited (only do one thing — lint, or coverage, or complexity)
I wanted something that does everything and generates a single HTML file you can share with anyone.
Enter CodeVista
CodeVista is an open-source code analysis and security scanner that supports 80+ languages with 38 lint rules. Install it, point it at your project, and get a beautiful interactive report.
```bash
pip install codevista
codevista analyze ./my-project/
# Open report.html — that's it. No server needed.
```
What It Does
🏥 Health Scoring (0-100)
Composite health score across 6 categories:
- Readability
- Complexity
- Duplication
- Coverage
- Security
- Dependencies
🔒 Security Scanner
Detects:
- Hardcoded secrets (AWS keys, GitHub tokens, Stripe, API keys, passwords)
- Dangerous functions (eval, exec, shell=True, pickle)
- Private key detection
- Severity scoring (critical/high/medium/low)
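Dangerous-call checks like the ones listed above are more reliable over Python's AST than with text matching, because strings and comments that merely mention `eval` are not calls. The following is an added example, not CodeVista's own code; the function names, severity levels and sample source are assumptions constructed for illustration.

```python
import ast

# Severity per finding kind; these levels are assumptions for this example.
SEVERITY = {"eval": "high", "exec": "high", "pickle.load": "high",
            "pickle.loads": "high", "shell=True": "medium"}

def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def scan_source(source, filename="<constructed>"):
    """Return sorted (line, kind, severity) findings for dangerous calls."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in SEVERITY:
            findings.append((node.lineno, name, SEVERITY[name]))
        for kw in node.keywords:
            # Flag only a literal True; shell=<variable> would need data-flow analysis.
            if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                    and kw.value.value is True):
                findings.append((node.lineno, "shell=True", SEVERITY["shell=True"]))
    return sorted(findings)  # ast.walk is not in line order

# Constructed sample input: line 6 mentions eval only inside a string.
SAMPLE = '''\
import pickle, subprocess
def run(cmd, blob, expr):
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", "-l"], shell=False)
    data = pickle.loads(blob)
    note = "never call eval(expr) here"
    return eval(expr), data
'''

if __name__ == "__main__":
    for line, kind, sev in scan_source(SAMPLE):
        print(f"{line}: {kind} [{sev}]")
```

This sketch matches call names as written, so an aliased import such as `from pickle import loads` is missed unless imports are also resolved.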
🏗️ Architecture Detection
Automatically identifies patterns from your project structure:
- MVC, MVVM, Clean Architecture, Hexagonal
- Microservices, Event-Driven, CQRS
- Repository, Service Layer, Singleton, Strategy, Observer
- Includes architecture quality scoring
👃 19 Code Smell Categories
Goes beyond typical linters:
- God Classes, Long Parameter Lists, Feature Envy
- Shotgun Surgery, Dead Code, Magic Numbers
- Copy-Paste Code, Missing Error Handling
- Inconsistent Naming, Boolean Parameters, and more
📉 Decay Detection
Tracks how your codebase degrades over time using git history:
- Complexity growth trends
- Coupling growth
- Duplication growth
- Debt velocity (technical debt per week)
- 12-week predictions via linear regression
- Identifies inflection points where quality shifted
🧬 CodeDNA Fingerprinting
Generate a unique fingerprint of your codebase structure for tracking and comparison.
📊 25+ Subcommands
```bash
codevista analyze ./project/        # Full analysis
codevista quick ./project/          # Fast analysis (~3 seconds)
codevista compare ./v1/ ./v2/       # Compare two codebases
codevista watch ./project/          # Re-analyze on file changes
codevista smells ./project/         # Code smell detection
codevista architecture ./project/   # Architecture patterns
codevista code-age ./project/       # File age, churn, risk
codevista health ./project/         # Health score only
codevista security ./project/       # Security scan only
codevista dna ./project/            # CodeDNA fingerprint
codevista decay ./project/          # Architectural decay
codevista team ./project/           # Team productivity analysis
codevista trends ./project/         # Health trends over time
codevista lint ./project/           # Language-specific lint rules
```
👥 Team Analysis
| Metric | Description |
|---|---|
| Lines per Author | Added/removed/net per developer |
| Bus Factor | People needed to understand 50% of code |
| Code Ownership | Contribution share |
| Onboarding Complexity | How hard for a new contributor to ramp up |
| Time Zone Distribution | When the team commits |
Zero Dependencies. Seriously.
CodeVista is built with pure Python stdlib. No external packages. Install it from PyPI and it just works.
CI/CD Integration
Export results in SARIF (for GitHub Actions), Checkstyle, and other formats:
```bash
codevista ci-output ./project/ -f sarif
codevista export ./project/ --all
```
Why I Built This
As a student researcher working on multiple projects, I needed a way to quickly understand codebases — my own and others'. Commercial tools were too expensive, open-source tools were too narrow. So I built the tool I couldn't find.
Get Started
```bash
pip install codevista
codevista analyze ./your-project/
```
⭐ GitHub: github.com/rudra496/codevista
📦 PyPI: pypi.org/project/codevista
Rudra Sarker — student researcher and full-stack developer from Bangladesh. Building ethical, impactful open-source tools.