> ## Documentation Index
> Fetch the complete documentation index at: https://docs.krait.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Deep Analyze

> AI-powered static analysis for detecting zero-day vulnerabilities in source code

## Overview

Deep Analyze is an AI-driven static analysis feature that inspects source code for security vulnerabilities using program-structure analysis, call-graph extraction, and a multi-agent system.

<Note>
  **Privacy commitment**: We do not train our models with your data. Your source code and analysis results remain private and are never used for model training purposes.
</Note>

## Key capabilities

<CardGroup cols={2}>
  <Card title="Zero-day vulnerability detection" icon="shield-halved">
    Deep Analyze leverages call graphs to detect zero-day vulnerabilities from user-controlled inputs, including:

    * Authorization and authentication bypass
    * SQL injection
    * Server-Side Request Forgery (SSRF)
    * Remote Code Execution (RCE)
  </Card>

  <Card title="Integration points" icon="plug">
    Use Deep Analyze in:

    * Security engineering workflows
    * CI/CD security pipelines
    * Code review and PR validation
    * API and microservice security scanning
  </Card>
</CardGroup>

## Vulnerability detection

<Card title="Critical vulnerability categories" icon="bug">
  Deep Analyze identifies critical vulnerability categories:

  * **Broken Access Control** - Unauthorized access to resources
  * **SQL Injection** - Database manipulation through untrusted input
  * **Server-Side Request Forgery (SSRF)** - Unauthorized server-side requests
  * **Remote Code Execution (RCE)** - Arbitrary code execution
</Card>

## Validation workflow

All detected issues surface as **prefindings**. You validate each one to determine whether it is a confirmed vulnerability requiring remediation or a false positive that can be safely dismissed. Only approved prefindings become active findings in your workspace.

<Frame>
  <img src="https://mintcdn.com/krait/9ioPUQVgYHbGs9dJ/deep-scan/images/deep-scan-result.png?fit=max&auto=format&n=9ioPUQVgYHbGs9dJ&q=85&s=2dbd8dcbfd27a9a2b754a82c5eff9497" alt="Deep Analyze scan results showing prefindings" className="mx-auto" style={{ width:"100%", borderRadius:"0.5rem" }} width="2600" height="1796" data-path="deep-scan/images/deep-scan-result.png" />
</Frame>

## Vulnerability details

For each detected vulnerability, Deep Analyze provides full context to help your team understand and act on the issue:

* Human-readable description of the vulnerability
* CWE references and descriptions
* CVSS severity scoring
* The exact code path that leads to the vulnerability

<Frame>
  <img src="https://mintcdn.com/krait/9ioPUQVgYHbGs9dJ/deep-scan/images/api-finding.png?fit=max&auto=format&n=9ioPUQVgYHbGs9dJ&q=85&s=294727136eea85a14319dffba2665d92" alt="Vulnerability details view" className="mx-auto" style={{ width:"100%", borderRadius:"0.5rem" }} width="2164" height="1632" data-path="deep-scan/images/api-finding.png" />
</Frame>

## Recommended fixes and Autofix

For every confirmed API vulnerability, Krait suggests a recommended code fix alongside the finding details. You can review the proposed change before taking any action. When you are ready to apply it, Krait can automatically create an Autofix PR directly to your connected repository, so your team can review and merge the fix without writing a single line of code.

<Frame>
  <img src="https://mintcdn.com/krait/9ioPUQVgYHbGs9dJ/deep-scan/images/api-fix.png?fit=max&auto=format&n=9ioPUQVgYHbGs9dJ&q=85&s=60b91b73f57e6fc85993a64db778229a" alt="Recommended fix and Autofix PR for API vulnerability" className="mx-auto" style={{ width:"100%", borderRadius:"0.5rem" }} width="2108" height="1172" data-path="deep-scan/images/api-fix.png" />
</Frame>
