Gap Analysis
Find every missing test, security hole, and coverage blind spot before they reach production. Gap Analysis combines 39+ technical checks with intelligent business logic analyzers to surface exactly what your test suite is missing.
What is Gap Analysis
Gap Analysis is an automated audit engine that runs 39+ technical checks plus a suite of business logic analyzers against your entire codebase. After Discovery maps your project's endpoints, models, services, and integrations, Gap Analysis takes that inventory and asks a simple question: what isn't tested?
It goes far beyond line-of-code coverage. The engine inspects authentication flows for bypass vectors, scans database schemas for missing constraints, checks API responses for inconsistent error formats, and validates that frontend components handle loading, empty, and error states. Every finding is mapped back to the exact file and line in your repository so you can act on it immediately.
The result is a prioritized list of gaps, each categorized by severity and paired with an actionable fix suggestion. No manual triage, no spreadsheet audits — just a clear picture of what's missing and why it matters.
Technical Scanners
Five dedicated scanners each focus on a specific technical domain. They run in parallel during analysis and collectively produce the majority of actionable findings.
Security Scanner
Inspects authentication and authorization paths for weaknesses that could allow unauthorized access or data leakage.
- ▶auth-bypass — Routes or controllers missing authentication middleware
- ▶secrets-in-code — Hardcoded API keys, tokens, or credentials committed to the repository
- ▶injection-vectors — Unsanitized user input in SQL queries, shell commands, or template rendering
- ▶cors-misconfig — Overly permissive CORS policies allowing wildcard origins or credentials
- ▶rate-limiting — Public endpoints without throttling, vulnerable to brute-force or DDoS
- ▶jwt-validation — Missing expiration checks, weak signing algorithms, or no signature verification
Database Scanner
Analyzes migrations, schema definitions, and query patterns to catch data-layer issues before they cause production incidents.
- ▶missing-indexes — Columns used in WHERE clauses or JOINs without corresponding indexes
- ▶no-constraints — Foreign keys, unique constraints, or NOT NULL checks absent from critical columns
- ▶connection-pooling — Database connections created per-request without pooling or limits
- ▶cascade-delete — Parent record deletion that orphans child rows or triggers unintended cascades
- ▶pending-migrations — Migration files that exist but have not been applied to the target database
API Scanner
Reviews request handlers, middleware, and response structures to ensure your API behaves consistently and defensively.
- ▶missing-validation — Request bodies accepted without schema validation or type checking
- ▶no-pagination — List endpoints returning unbounded result sets without limit/offset support
- ▶inconsistent-errors — Error responses using different shapes or missing standard fields across endpoints
- ▶wrong-status-codes — Handlers returning 200 for errors, 404 for authorization failures, or 500 for validation issues
Frontend Scanner
Examines React components, pages, and layouts for resilience and accessibility gaps that affect end users.
- ▶no-error-boundaries — Component trees without error boundaries, causing full-page crashes on render failures
- ▶accessibility — Missing alt text, insufficient color contrast, no keyboard navigation, or absent ARIA labels
- ▶missing-states — Components that fetch data but don't handle loading spinners, empty result sets, or error fallbacks
Code Quality Scanner
Flags maintainability issues that make testing harder and increase the likelihood of regressions.
- ▶dead-code — Functions, classes, or modules that are defined but never referenced anywhere in the codebase
- ▶unused-imports — Import statements pulling in modules that are never used, increasing bundle size
- ▶complexity-hotspots — Functions with high cyclomatic complexity that are difficult to test exhaustively
Business Logic Analyzers
While technical scanners check for known anti-patterns, business logic analyzers understand what your application doesand generate findings specific to your domain. Six analyzers work together to build a semantic model of your application's behavior.
Domain Inference
Reads your models, routes, and business logic to determine your application's industry domain — whether that's EdTech, SaaS, Construction, eCommerce, or something else entirely. This classification drives which industry-specific checks are applied and which test scenarios are prioritized.
Scenario Generation
Takes the feature inventory from Discovery and generates concrete test scenarios for each discovered capability. For a payment endpoint, it might produce scenarios for successful charge, declined card, partial refund, duplicate submission, and currency mismatch — all derived from your actual code paths.
State Machine Validation
Maps the lifecycle states of your key entities (orders, tickets, enrollments, invoices) and validates that every transition is guarded. Catches issues like orders jumping from pending to completed without passing through processing, or entities stuck in terminal states with no exit path.
Cross-Reference
Checks consistency across your endpoints, models, and services. If a model defines a field that no endpoint ever reads or writes, that's flagged. If an endpoint references a service method that doesn't exist, that's flagged. Ensures your inventory is internally consistent and nothing is silently orphaned.
Edge Case Detection
Identifies boundary conditions and error paths that are commonly untested: zero-quantity orders, negative balances, empty arrays passed to bulk operations, timezone edge cases around midnight, and concurrent modifications to the same resource. Each detected edge case becomes a candidate test scenario.
Integration Verification
Checks how your application handles third-party integrations — payment gateways, email providers, storage services, and external APIs. Verifies that timeout handling, retry logic, webhook signature validation, and graceful degradation are all present and tested.
How to Run Gap Analysis
Gap Analysis is part of every test run — there is no separate button to press. When you trigger a run on any project, the pipeline executes in order: Discovery first scans your codebase to build the feature inventory, then Gap Analysis automatically runs against that inventory to identify what's missing.
You can trigger a run from the project dashboard by clicking Run Tests, or from the project settings page. Scheduled runs via cron also include Gap Analysis automatically.
Once the analysis completes, results appear on the project's Gaps tab. You can filter, sort, and drill into each finding directly from there.
Reading the Results
Every finding is categorized into one of four severity levels so you can prioritize your response:
- Critical— Security vulnerabilities, data loss risks, or authentication bypasses that should be addressed before the next deployment.
- High— Missing validation, unhandled error states, or logic gaps that could cause incorrect behavior under normal usage.
- Medium— Consistency issues, missing edge case coverage, or performance concerns that should be resolved in the current sprint.
- Low— Code quality improvements, unused imports, or minor accessibility gaps that can be batched into maintenance work.
Each individual finding includes four pieces of information: what was found (the specific issue), where in the code it occurs (file path and line number), why it matters (the risk or impact), and a suggested fix with concrete guidance on how to resolve it.
Generating Fixes
Every finding in the Gaps tab includes a Generate Fix button. Click it, and AI will analyze the finding in context — reading the surrounding code, understanding the intent, and producing two outputs:
- ▶The code fix— A targeted patch that resolves the identified issue, written to match your project's coding style and conventions.
- ▶A matching test— A test that verifies the fix works correctly and prevents the issue from regressing in future changes.
Generated fixes are presented as diffs you can review before applying. You can copy them directly, download as patch files, or if your project is connected via Git, apply them as a branch automatically.
Industry-Specific Checks
When the Domain Inference analyzer identifies your application's industry, additional checks are activated that target the unique requirements of that domain. These go beyond generic best practices to enforce the rules that matter most in your specific context.
EdTech
Validates enrollment flows end-to-end — student registration, course assignment, prerequisite enforcement, and waitlist handling. Checks grading logic for edge cases like extra credit, late submissions, curved scores, and grade boundary rounding. Verifies that student data access is properly scoped by role (student, instructor, admin) and that academic records cannot be modified without audit trails.
SaaS
Audits billing and subscription logic for plan upgrades, downgrades, proration, trial expiration, and failed payment handling. Validates multi-tenancy isolation to ensure one tenant's data is never accessible to another — checking query scoping, cache key prefixing, and background job tenant context. Verifies that feature flags and entitlements are enforced consistently across API and UI layers.
Construction
Checks safety compliance workflows — incident reporting, inspection checklists, certification tracking, and expiration alerts. Validates document management for version control, approval chains, and access permissions on blueprints, permits, and change orders. Ensures that project timeline calculations handle dependencies, weather delays, and resource conflicts correctly.