Missing .gitignore
Part of Architecture & Best Practices, which counts for 15% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.
What it detects
Every project with source control should exclude build artifacts, dependencies, and secrets via .gitignore.
Why it matters
Without a .gitignore, one git add -A stages build output, dependency directories, editor files, and any local .env with real credentials. That bloats the repo, makes every diff noisy, and is one of the most common ways secrets reach git history. It is a one-file fix.
How to fix it
Add a .gitignore at the repo root covering your stack: node_modules/ and build output (dist/, .next/, build/) for JS/TS, __pycache__/, *.pyc, and venv/.venv/ for Python, .env and .env.* except .env.example, and OS/editor noise like .DS_Store. GitHub's template collection (github/gitignore) is a solid starting point. If junk was already committed, untrack it with git rm -r --cached after adding the rules.
The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing
Does your repo trip this check?
Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.
Scan your repo