Static Analysis

Static Analysis is the repository-side scanning workflow in Cloudgeni. It creates a Checkov-backed scan for a selected repository and gives you findings tied to files, checks, and resources inside that repository.

What You Need First

  • A connected Git provider
  • A repository visible in Cloudgeni
You do not need a cloud account to get started here.

Where It Lives

Use the workflow from Compliance -> Static Analysis in the app. Programmatically, the same flow is exposed through:
  • POST /api/v1/organizations/:orgId/repositories/:repoId/static-analysis
  • cloudgeni repo static-analysis create

What A Run Produces

A static analysis run becomes the current active analysis for that repository and exposes findings with code-side context such as:
  • File path
  • Check identifier
  • Severity
  • Resource reference
This is the fastest route to seeing whether the repository connection is useful and whether the repo contains IaC worth acting on.
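
A triage pass over findings like the ones listed above, as an added example that is not Cloudgeni's own code. It assumes the findings are available in Checkov's own JSON report layout (this page does not document the shape of the Cloudgeni API response) and ranks files by worst severity, then by finding count. The sample report and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in Checkov's JSON report layout; severities are illustrative.
SAMPLE_REPORT = json.dumps({"check_type": "terraform", "results": {"failed_checks": [
    {"check_id": "CKV_AWS_20", "file_path": "/s3.tf",
     "resource": "aws_s3_bucket.logs", "severity": "HIGH"},
    {"check_id": "CKV_AWS_18", "file_path": "/s3.tf",
     "resource": "aws_s3_bucket.logs", "severity": None},
    {"check_id": "CKV_AWS_24", "file_path": "/network.tf",
     "resource": "aws_security_group.admin", "severity": "high"},
    {"check_id": "CKV_AWS_40", "file_path": "/iam.tf",
     "resource": "aws_iam_user_policy.ci", "severity": None},
]}})

RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}  # UNKNOWN ranks as 0


def load_findings(report_text):
    """Flatten a Checkov report (one object, or a list of them) into findings."""
    data = json.loads(report_text)
    reports = data if isinstance(data, list) else [data]
    findings = []
    for report in reports:
        for item in report.get("results", {}).get("failed_checks", []):
            findings.append({
                "file": item["file_path"],
                "check": item["check_id"],
                "resource": item["resource"],
                # severity can be null in a report; keep it visible, do not drop it
                "severity": (item.get("severity") or "UNKNOWN").upper(),
            })
    return findings


def rank_files(findings):
    """Return (file, sorted check ids), worst severity first, then most findings."""
    by_file = defaultdict(list)
    for finding in findings:
        by_file[finding["file"]].append(finding)

    def sort_key(entry):
        path, items = entry
        worst = max(RANK.get(i["severity"], 0) for i in items)
        return (-worst, -len(items), path)

    ordered = sorted(by_file.items(), key=sort_key)
    return [(path, sorted({i["check"] for i in items})) for path, items in ordered]
```

Files whose findings all carry an unknown severity sort last but still appear, so a missing severity never hides a finding.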

How To Use It Well

Use Static Analysis when you want to:
  • Triage repository issues before opening a PR workflow
  • Identify high-signal file-level problems
  • Feed the result into a later agent or remediation session
Avoid using it as a compliance dashboard for live cloud state. That is what Cloud Compliance and Cloud Monitors are for.

Notes On Scope

The current backend only accepts checkov as the analysis engine for this workflow. Keep the docs and any automation examples honest about that.

Scanning API

Trigger the same run from CI or scripts.

AI DevOps

Open an agent session when you want help fixing what the scan found.