How VettCode Works

Three steps from codebase to signed report. With the local scanner, your source code never leaves your machine; only hashes and aggregate metrics are uploaded.

Three Simple Steps

Step 1

Scan

Download the free VettCode scanner and run it locally on your codebase. The scanner analyzes your code and produces a JSON file with hashes and aggregate metrics.

  • Runs entirely on your machine; no source code leaves it
  • Supports single repos and multi-repo setups
  • Produces terminal output with grades and metrics for immediate review
  • Exports a JSON file with hashed data for report generation
  • Optional: connect GitHub or GitLab for cloud-based scanning

Step 2

Upload

Upload the scan JSON to VettCode. We determine your pricing tier based on total lines of code and you pay a one-time fee for a signed report.

  • JSON contains only hashes and aggregates — no source code or file paths
  • Pricing is based on total LOC, not repo count
  • One-time payment — no subscriptions
  • Tiers range from $99 (up to 30K LOC) to $999 (300K+ LOC)

Step 3

Report

Receive a signed PDF report with grades across 6 categories, risk summaries, and a public verification link. Share it with buyers confidently.

  • Overall grade plus 6 scored categories
  • Risk and strength summaries with actionable insights
  • Ed25519 digital signature for tamper-evidence
  • Public verification link — buyers verify without an account
  • Downloadable as signed PDF and JSON

Choose Your Path

From free local scanning to premium AI-powered analysis — pick the level of due diligence that fits your deal.

Free Scan

$0

Run the scanner locally as many times as you want. Get terminal output with grades and a raw JSON export. No account required.

Signed Report

$99–$999

Upload your scan JSON, pay once, and get a cryptographically signed PDF report with a public verification link for buyers.

Deep Scan

0.5% of deal value

Post-LOI, buyers can request an AI-powered deep scan for architecture, code quality, and technical debt analysis. Requires seller approval.

Or Connect Your Git Provider

Prefer not to use the CLI? Connect your GitHub or GitLab account and scan repos directly from the platform. VettCode clones your code to an ephemeral container, runs the scan, and deletes the code immediately — nothing is persisted.

Git provider scans carry the highest verification level (provider-verified) because VettCode confirms you have admin/maintain access to the repositories.

Your Code Stays Private

No Source Code Exposure

The CLI scanner runs locally. Only hashes and aggregate metrics are included in the scan JSON — never file paths, code, or secrets.
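
One way to check that claim on your own export before uploading, as an added example that is not VettCode's code: a Python audit that walks the scan JSON and flags any key or string value that looks like a file path, source code, or a secret. The field names and sample documents are constructed, since the real export schema is not shown on this page, and the patterns are heuristics chosen for illustration.

```python
import hashlib
import json
import re

# Assumption: hashes appear as hex digests of common lengths (MD5 to SHA-512).
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}|[0-9a-f]{128})$", re.I)
# Heuristic checks, most specific first; the first match per string wins.
CHECKS = [
    (re.compile(r"-----BEGIN|password|secret|api[_-]?key|token", re.I), "looks like a secret"),
    (re.compile(r"[\\/]|\.(?:py|js|ts|go|rb|java|php|cs|env|pem|key)$", re.I), "looks like a file path"),
    (re.compile(r"[;{}()=]|\n"), "looks like source code"),
]
PATH_LIKE = CHECKS[1][0]


def audit_scan(node, where="$"):
    """Walk parsed scan JSON; return (json_path, reason) for each suspicious item."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            # Keys can leak too, for example a map keyed by file path.
            if PATH_LIKE.search(key):
                findings.append((f"{where}.{key}", "key looks like a file path"))
            findings += audit_scan(value, f"{where}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings += audit_scan(item, f"{where}[{i}]")
    elif isinstance(node, str) and not HEX_DIGEST.match(node):
        for pattern, reason in CHECKS:
            if pattern.search(node):
                findings.append((where, reason))
                break
    return findings


# Constructed samples; every field name here is hypothetical.
DIGEST = hashlib.sha256(b"constructed sample").hexdigest()
CLEAN = {"total_loc": 48210, "languages": {"python": 31000, "go": 17210},
         "file_hashes": [DIGEST], "grades": {"security": "B"}}
LEAKY = {"files": {"src/billing/stripe.py": DIGEST},
         "snippet": "def charge(): pass", "note": "API_KEY=abc"}

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("leaky", LEAKY)):
        # Round-trip through JSON text, as if the export were read from disk.
        for path, reason in audit_scan(json.loads(json.dumps(doc))):
            print(f"{name}: {path}: {reason}")
```

An empty result means none of these heuristics fired, not that the file is proven free of sensitive data; review any finding by hand before uploading.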

Cryptographically Signed

Every report is signed with Ed25519. Buyers can verify the report hasn't been tampered with using the public verification link.

Public Verification

Anyone can verify a report's authenticity — no VettCode account needed. Just visit the verification link included in every report.
