Repository Scanning

Instead of describing your requirements manually, you can connect an existing Git repository and let the Infrastructure Wizard analyse your codebase. The scanner detects your programming languages, frameworks, databases, storage patterns, and workload characteristics, then generates an infrastructure template that matches your application.

This is the fastest path from existing code to production-ready AWS infrastructure.

Connecting Your Repository

Supported Providers

Guardian Pro supports connecting repositories from:

GitHub -- Public and private repositories via OAuth
GitLab -- Public and private repositories via OAuth

Step-by-Step Connection

Navigate to the Infrastructure Wizard and select Scan a Repository.
Choose your Git provider (GitHub or GitLab).
You are redirected to your provider's OAuth authorization page.
Grant Guardian Pro read-only access to your repositories.
You are redirected back to Guardian Pro with the connection established.

Security

Guardian Pro requests read-only access to your repository contents. It does not modify your code, create branches, or push commits. The OAuth token is used solely for the scanning process and is encrypted at rest.

Selecting a Repository and Branch

After connecting your account, you can:

Search or browse your repositories to find the one you want to scan.
Select the branch to analyse (defaults to the main or master branch).
Click Start Scan to begin the analysis.

What the Scanner Detects

The repository scanner performs a comprehensive analysis of your codebase to identify:

Languages and Frameworks

The scanner identifies your programming languages and application frameworks by examining:

Package manifests (package.json, requirements.txt, Gemfile, go.mod, pom.xml, etc.)
Framework-specific configuration files
Source file extensions and import patterns
Build configuration files

Examples of detected frameworks:

Category	Frameworks
Web Frameworks	Express, FastAPI, Django, Flask, Spring Boot, Rails, Next.js, Nuxt
Frontend	React, Vue, Angular, Svelte
API	GraphQL (Apollo, Hasura), REST, gRPC
Mobile Backend	Firebase-compatible patterns, push notification integrations

Database Requirements

The scanner detects database needs from:

Connection strings and database driver imports
ORM configurations (SQLAlchemy, Prisma, TypeORM, Sequelize, etc.)
Migration files and schema definitions
Docker Compose service definitions

Detected database types include relational (PostgreSQL, MySQL), NoSQL (MongoDB, DynamoDB), caching (Redis, Memcached), and search (Elasticsearch, OpenSearch).

Storage Patterns

The scanner identifies storage requirements by looking for:

File upload handling code
S3 SDK usage
Docker VOLUME declarations
Static asset directories
Media processing libraries
CMS or file management patterns

Workload Characteristics

Based on the overall codebase analysis, the scanner determines your workload type:

Container-based -- Dockerfile present, Docker Compose, container orchestration configuration
Serverless -- Serverless Framework, SAM templates, individual function handlers
Static site -- Static site generators, frontend-only projects, no backend server
Traditional server -- Long-running processes, WebSocket servers, background workers

Existing Infrastructure

The scanner also detects any existing infrastructure-as-code in your repository:

Existing AWS templates
Terraform configurations
Docker Compose files
CI/CD pipeline configurations (GitHub Actions, GitLab CI, Jenkins)
Kubernetes manifests

note

If the scanner detects existing infrastructure definitions, it takes them into account when generating recommendations. It will not duplicate resources you have already defined, and it will suggest improvements based on best practices.

Scan Progress

After you start the scan, Guardian Pro shows a real-time progress indicator:

Cloning -- The repository is cloned for analysis.
Analysing -- The scanner examines your codebase structure, dependencies, and configuration.
Detecting -- Languages, frameworks, databases, and workload patterns are identified.
Generating -- An infrastructure template is produced based on the detected requirements.

A typical scan completes in 30 to 90 seconds, depending on the size of your repository.

Reviewing Scan Results

Before the template is generated, the Wizard presents a summary of what it detected. This gives you an opportunity to:

Verify accuracy -- Confirm that the detected languages, frameworks, and databases are correct.
Add missing components -- If the scanner missed a requirement (for example, a database you plan to add but have not yet coded), you can add it manually.
Remove unnecessary components -- Deselect any detected components that you do not want included in the infrastructure template.
Set the environment tier -- Choose whether this infrastructure is for development, staging, or production.

tip

The scanner is highly accurate for well-structured projects with standard package manifests and configuration files. For projects that use unusual conventions, you may need to adjust the detected components before proceeding to template generation.

Handling Edge Cases

Monorepos

If your repository contains multiple services or applications, the scanner analyses the entire repository and detects all components. You can then select which services to include in the generated infrastructure template.

Projects Without Package Manifests

For projects that do not use standard package managers, the scanner falls back to source file analysis. It examines file extensions, import statements, and code patterns to determine your technology stack. While this approach is less precise, it still produces accurate results for most projects.

Private Dependencies

The scanner analyses your dependency declarations but does not install or download your dependencies. It reads package manifests to identify frameworks and libraries but does not execute any code from your repository.

From Scan to Template

Once you have reviewed and confirmed the scan results, click Generate Template. The Wizard produces a complete infrastructure template based on the detected requirements, following the same best-practice standards as the conversational path.

You are then taken to the template review screen. See Review Your Template for the next steps.

Disconnecting Your Repository

Your Git provider connection persists in your Guardian Pro account so you can scan additional repositories in the future. If you want to revoke access:

Go to your Git provider's settings (GitHub Settings > Applications or GitLab Settings > Applications).
Find the Guardian Pro application and revoke its access.

Revoking access does not affect any templates already generated from your repositories.

Next Steps

Describe Your Requirements -- Prefer to describe your needs in a conversation? Use the conversational path instead.
Review Your Template -- Inspect and customise the generated infrastructure before deploying.
Deploy -- Take your reviewed template and deploy it to AWS.

Connecting Your Repository​

Supported Providers​

Step-by-Step Connection​

Selecting a Repository and Branch​

What the Scanner Detects​

Languages and Frameworks​

Database Requirements​

Storage Patterns​

Workload Characteristics​

Existing Infrastructure​

Scan Progress​

Reviewing Scan Results​

Handling Edge Cases​

Monorepos​

Projects Without Package Manifests​

Private Dependencies​

From Scan to Template​

Disconnecting Your Repository​

Next Steps​