deepsec lives in a .deepsec/ directory at the root of the repo you
want to scan, checked into git so teammates inherit project context.
From the codebase's repo root:
npx deepsec init # creates .deepsec/ + registers this repo
cd .deepsec
pnpm install.deepsec/ has its own package.json and node_modules/ — separate
from the parent repo's lockfile and tooling. The parent repo only
needs to know .deepsec/ exists.
To scan another codebase from the same .deepsec/, run
pnpm deepsec init-project <path>. Each project gets its own
data/<id>/ subdirectory.
deepsec is polyglot (TS, Go, Python, Lua, Terraform, …). The parent
repo doesn't need to be a Node project — .deepsec/ is self-contained
and only needs pnpm (or npm / yarn) inside that one directory.
The scaffold's .deepsec/.gitignore keeps INFO.md, SETUP.md, and
deepsec.config.ts tracked so teammates inherit project context, but
ignores generated state (data/*/files/, data/*/runs/, etc.).
The expensive stage is process. With Claude Opus and default settings
(--concurrency 5 --batch-size 5):
| Files | Approx cost | Approx wall time |
|---|---|---|
| 100 | $25–60 | 5–15 min |
| 500 | $130–300 | 25–60 min |
| 2,000 | $500–1200 | 1.5–4 hr |
Costs swing 2–3x based on file complexity. Run --limit 50 first to
calibrate before committing to a full pass.
triage is ~1¢/finding. revalidate is comparable to process.
Both work. Different strengths:
- Claude (Opus): strong at reasoning about authorization shapes and cross-file flows. The default. Most expensive.
- Codex (gpt-5.5): runs in a strict sandbox (read-only, no network). Fast at grep-heavy investigations. Cheaper.
Mix them. Run Claude first, then re-process unconvincing findings with
--agent codex --reinvestigate for a second opinion. Findings dedupe
across agents.
Either works. The gateway gives you provider failover, observability, and zero data retention. One token covers Claude and Codex. For a quick evaluation, use Anthropic directly. For ongoing production scanning, use the gateway.
# Direct Anthropic
ANTHROPIC_AUTH_TOKEN=sk-ant-...
ANTHROPIC_BASE_URL=https://api.anthropic.com
# AI Gateway (recommended)
ANTHROPIC_AUTH_TOKEN=vck_...
ANTHROPIC_BASE_URL=https://ai-gateway.vercel.shIf claude or codex is already logged in on this machine, non-sandbox
runs reuse that subscription — no API key needed.
See vercel-setup.md for how to get a gateway key and how to wire up Vercel Sandbox auth (OIDC or access token).
After revalidation: ~10–29% on `HIGH+.
Two things help most:
- Revalidate
HIGH+before acting on findings. Worth the cost. - Write a good
INFO.mdper project. Even a paragraph describing the auth shape and threat model improves precision a lot. See getting-started.md.
deepsec sandbox process fans work across Vercel Sandbox microVMs
in parallel. Worth it when:
- The repo is large enough that local concurrency saturates your laptop.
- You want results in under an hour on a 5k+ file repo.
- You're running this as a scheduled job in CI/CD.
Otherwise local execution is simpler. The sandbox path needs the
@vercel/sandbox SDK (already a dep) and a Vercel account.
The AI agents read source code from your local repo and send relevant snippets to the configured LLM provider as part of investigation prompts. With Vercel AI Gateway, the gateway has zero data retention; prompts aren't stored. With direct Anthropic, see Anthropic's data retention policy.
deepsec itself doesn't phone home or report telemetry. The data/<id>/
directory stays on your machine unless you explicitly export it.
Yes. The natural shape:
# Cron — full scan every Sunday
pnpm deepsec scan --project-id main --root .
pnpm deepsec process --project-id main --concurrency 5
pnpm deepsec revalidate --project-id main --min-severity HIGH
pnpm deepsec export --project-id main --format json --out findings.json
# Per-PR — incremental scan on changed files only
pnpm deepsec scan --project-id main --root .
pnpm deepsec process --project-id main --filter $CHANGED_PATH_PREFIXThe data/ directory is your state — persist it between CI runs (cache
it as a build artifact) or just re-scan from scratch each time.
Yes:
scanmerges new candidates into existing FileRecords; doesn't re-investigate already-analyzed files.processonly touches files withstatus: "pending", unless you pass--reinvestigate(re-investigate everything) or--reinvestigate <N>(re-investigate, tagged with wave marker N — a later run with the same N skips files already processed in this wave).revalidateonly touches findings without arevalidationfield unless--forceis set.
See docs/writing-matchers.md. Short version: hand
your .deepsec/data/ and the target repo to your coding agent with the
prompt in that doc — it'll spot entry-point coverage gaps the default
matchers miss and write matchers tailored to your codebase.
The AI processor is language-agnostic and will investigate any text-readable source file. The thinner the regex layer, the more the process stage carries. A few starter matchers for the new language are worth writing; they front-load file selection so the AI gets the most promising sites first.
See SECURITY.md. Don't open a public issue — use GitHub Security Advisories instead.