How Analysis Works

Understand how SyntaxValid analyzes your code, evaluates risk, applies policies, and calculates TrustScore.

This page explains how SyntaxValid analyzes your codebase and turns complex signals into clear, actionable results.

This is not a setup guide.

For step-by-step instructions, see the Quickstart guide.

---

## High-level overview

At a high level, SyntaxValid follows five stages:

1. Code snapshot creation

2. Rule-based analysis

3. Policy evaluation

4. Issue classification

5. TrustScore calculation

Each stage is designed to minimize noise while maximizing decision value.

---

## 1. Code snapshot creation

When an analysis starts, SyntaxValid creates a deterministic snapshot of your code.

Depending on the analysis type:

- Full analysis scans the entire repository

- Diff analysis scans only changed files (pull requests or commits)

The snapshot is immutable.

Results are always tied to a specific code state.

---

## 2. Rule-based analysis

SyntaxValid runs multiple categories of rules on the snapshot:

- Security rules (unsafe patterns, injection risks, secrets)

- Code quality rules (maintainability, complexity, smells)

- Architectural rules (layering, dependency boundaries)

- AI-generated code risk rules

- Supply chain and dependency checks

Rules are deterministic and explainable.

Each rule produces structured findings.

---

## 3. Policy evaluation

Rules alone do not decide outcomes.

Policies define:

- Which rule categories matter

- Severity thresholds

- Which issues are blocking

- When a merge should be considered unsafe

Policies transform raw findings into decisions.

This is where SyntaxValid differs from traditional linters.

---

## 4. Issue classification

Each finding is normalized into an issue with:

- Category

- Severity

- Blocking or non-blocking status

- Clear explanation

- Fix guidance

Blocking issues represent unacceptable risk and directly affect merge readiness.

Non-blocking issues are informational and can be addressed incrementally.
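
The following sketch is an added illustration of stages 3 and 4, not SyntaxValid's own code or configuration format. It shows how the same raw findings yield different blocking decisions under two policies. The `Finding` and `Policy` shapes, the four-level severity scale, the rule IDs and the file paths are all assumptions made for the example.

```python
from dataclasses import dataclass, field
# Assumed four-level severity scale; the page does not list SyntaxValid's levels.
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:            # raw output of one rule (stage 2)
    rule_id: str
    category: str
    severity: str
    path: str

@dataclass(frozen=True)
class Policy:             # hypothetical policy shape (stage 3)
    categories: frozenset                          # rule categories that matter
    report_at: dict = field(default_factory=dict)  # category -> lowest severity reported
    block_at: dict = field(default_factory=dict)   # category -> lowest severity that blocks

def classify(findings, policy):
    """Stage 4: normalize findings into issues that carry a blocking flag."""
    issues = []
    for f in findings:
        if f.category not in policy.categories:
            continue                               # category not covered by this policy
        rank = RANK[f.severity]
        if rank < RANK[policy.report_at.get(f.category, "low")]:
            continue                               # below the reporting threshold
        limit = policy.block_at.get(f.category)    # None: category never blocks
        blocking = limit is not None and rank >= RANK[limit]
        issues.append({"rule_id": f.rule_id, "category": f.category,
                       "severity": f.severity, "path": f.path, "blocking": blocking})
    return issues

def merge_is_unsafe(issues):
    return any(i["blocking"] for i in issues)

# Constructed sample findings and policies, for illustration only.
FINDINGS = [
    Finding("hardcoded-secret", "security", "critical", "app/config.py"),
    Finding("sql-string-concat", "security", "medium", "app/db.py"),
    Finding("high-complexity", "quality", "medium", "app/report.py"),
    Finding("layer-violation", "architecture", "high", "app/ui/views.py"),
]
STRICT = Policy(frozenset({"security", "quality", "architecture"}),
                report_at={"quality": "high"}, block_at={"security": "medium", "architecture": "high"})
LEGACY = Policy(frozenset({"security", "quality"}), block_at={"security": "critical"})

if __name__ == "__main__":
    for name, p in (("strict", STRICT), ("legacy", LEGACY)):
        print(name, [(i["rule_id"], i["blocking"]) for i in classify(FINDINGS, p)])
```

With the hardcoded secret removed from the input, the strict policy still marks the merge unsafe while the legacy policy does not, which is the sense in which rules alone do not decide outcomes.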

---

## 5. TrustScore calculation

TrustScore is a weighted signal derived from:

- Number and severity of issues

- Presence of blocking findings

- Risk concentration across the codebase

- AI-generated code risk signals

Blocking issues have the strongest impact.

TrustScore is designed to answer one question:

Is this code safe to move forward?

---

## Why this approach works

Traditional tools stop at detection.

SyntaxValid goes further by:

- Separating signal from noise

- Enforcing policies instead of opinions

- Aligning analysis results with real merge decisions

- Making AI-assisted fixes reviewable and safe

---

## What this page does not cover

- How to connect repositories

- How to run an analysis from the UI

- How to install GitHub or IDE integrations

For those topics, see:

- Quickstart

- GitHub Integration

- IDE Integrations

---

## Next steps

- Understanding TrustScore

- Issues and severities

- Fix with AI workflow