Targeted Scan

While Korbit automatically reviews all code changes in your pull requests, sometimes you want to get Korbit's insights on existing code without making functional changes. This guide shows you how to perform a targeted scan by duplicating specific files to a new branch and creating a pull request.

What is a Targeted Scan?

A targeted scan allows you to:

  • Get Korbit's review on existing code files
  • Focus on specific areas of your codebase
  • Identify potential issues without changing functionality
  • Review legacy code or third-party integrations
  • Get insights on code that wasn't originally reviewed by Korbit

Running a Targeted Scan

Step 1: Create a New Branch

Create a new branch from your main branch for your targeted scan. We recommend using a branch name like korbit-targeted-scan/legacy-api-review or korbit-targeted-scan/security-audit to keep things organized.

Step 2: Duplicate Files to Review

Copy the specific files you want Korbit to review to a new path on the branch (for example, into a dedicated review directory). The copy must live at a new path: a file re-committed at its original path is identical to what is already on main, produces an empty diff, and gives Korbit nothing to review. You can duplicate:

  • Individual files
  • Multiple files
  • Entire directories

Step 3: Commit the Files

Stage and commit the duplicated files with a descriptive message explaining what you're reviewing.

Step 4: Push and Create a Pull Request

Push your branch and create a pull request from your new branch to your main branch. Make sure to:

  • Name the pull request something like Korbit Targeted Scan: [description]
  • Add appropriate labels to the pull request (e.g. security, legacy, etc.)
  • Add DO NOT MERGE labels to prevent accidental merging (these PRs are for review only)

Step 5: Let Korbit Review

Once you create the pull request, Korbit will automatically:

  • Analyze the duplicated files
  • Identify potential issues, security vulnerabilities, and code quality concerns
  • Post detailed comments and suggestions
  • Provide insights on best practices and improvements

Best Practices

When to Use Targeted Scans

  • Security Reviews: Review sensitive code like authentication, payment processing, or API endpoints
  • Legacy Code Assessment: Get insights on old code that wasn't originally reviewed by Korbit
  • Third-party Integration Review: Review vendor code or external libraries
  • Architecture Review: Get feedback on code structure and design patterns
  • Compliance Checks: Ensure code meets specific standards or requirements

⚠️ Important Notes

  • No Functional Changes: Remember, you're duplicating files for review, not making changes
  • Clear Documentation: Always explain the purpose of the targeted scan in your PR description
  • Selective Duplication: Only duplicate the files you actually want reviewed to keep the PR focused
  • Branch Cleanup: Delete the targeted scan branch after the review is complete

Example Workflow

Here's a simple example for reviewing a legacy authentication system:

  1. Create a branch called korbit-targeted-scan/auth-review
  2. Duplicate authentication files from main branch (e.g., src/auth/, src/middleware/auth.js, src/utils/encryption.js)
  3. Commit with message "Add authentication files for security review"
  4. Push and create PR with description explaining the security review purpose
  5. Let Korbit analyze the duplicated files
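The steps above, and the authentication example just given, can be scripted. The following is an added example written for this page, not tooling shipped by Korbit: it cuts a branch from main, copies each requested file or directory into a review directory (assumed here to be korbit-targeted-scan/, a name chosen for the example) so the copies show up as added files in the pull request, then commits and pushes. It assumes the remote is named origin and the default branch is main; the pull request itself is still opened in your Git host's UI.

```shell
#!/bin/sh
# Added example (not Korbit's own tooling): stage copies of existing files
# on a review-only branch so they appear as additions in the pull request.
# Assumptions: the remote is "origin", the default branch is "main", and the
# copies live under korbit-targeted-scan/ (a directory name chosen here).

SCAN_DIR="korbit-targeted-scan"

# Map a repository path to its duplicate location under SCAN_DIR.
# A copy at a *new* path is essential: re-adding a file at its original path
# on a branch cut from main produces an empty diff and nothing to review.
scan_dest() {
    printf '%s/%s\n' "$SCAN_DIR" "${1#./}"
}

# Copy one file or directory tree into the scan directory, creating parents.
# Fails (returns 1) if the source path does not exist.
duplicate_for_scan() {
    src=$1
    dst=$(scan_dest "$src")
    [ -e "$src" ] || { echo "missing: $src" >&2; return 1; }
    mkdir -p "$(dirname "$dst")"
    cp -R "$src" "$dst"
}

# Full workflow: branch from main, duplicate the paths given as arguments,
# commit and push. Nothing in the original locations is modified.
run_targeted_scan() {
    name=$1
    shift
    git fetch origin main
    git switch -c "korbit-targeted-scan/$name" origin/main
    for p in "$@"; do
        duplicate_for_scan "$p" || return 1
    done
    git add "$SCAN_DIR"
    git commit -m "Add $name files for Korbit targeted scan (review only, do not merge)"
    git push -u origin "korbit-targeted-scan/$name"
}

# Usage (the page's authentication example):
#   sh targeted_scan.sh --run auth-review src/auth src/middleware/auth.js src/utils/encryption.js
if [ "${1:-}" = "--run" ]; then
    shift
    run_targeted_scan "$@"
fi
```

After pushing, open the pull request against main, name it "Korbit Targeted Scan: auth-review", add the DO NOT MERGE label, and delete the branch once the findings have been triaged.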

Next Steps

After Korbit completes the review:

  1. Review the Issues: Go through all the issues Korbit identified, mapping each comment on a duplicated file back to the original path it was copied from
  2. Address Critical Issues: Create follow-up PRs to fix security or critical issues
  3. Document Insights: Use Korbit's feedback to improve your coding standards
  4. Clean Up: Delete the targeted scan branch once you're done

This targeted scan approach gives you the benefits of Korbit's comprehensive code review on existing code without requiring functional changes to your codebase.