Know which languages and file types the Merchant API scanner can review.

The P0 scanner targets JavaScript, TypeScript, Python, PHP, Java, Ruby, Go, C#, Kotlin, Google Apps Script, JSON, XML, YAML, and common config files.

Findings include rule metadata and confidence so executable code, comments, documentation, fixtures, and generated clients can be reviewed differently.

Current limits: ZIP upload 10 MB, extracted workspace 100 MB, extracted file count 5,000, individual scannable text file 2 MB, total scannable text 25 MB.

Ignored directories include node_modules, vendor, build, dist, cache, virtualenv, and .git-style folders.

Unsupported or unsafe inputs produce clear next actions; critical scanner failure returns NOT_VERIFIED instead of a false READY result.

Scope limitation: unsupported languages can be reviewed with targeted snippets or questionnaire answers, but they cannot produce full static confidence.

Run free scan - no account required See a complete sample finding View pricing