Optimization
The One Code's Optimize module gives you quantitative visibility into technical debt across your clients' application portfolios. Technical debt scoring, dependency health analysis, dead app detection, and migration path recommendations turn abstract "this code needs work" conversations into concrete, prioritized, estimated remediation plans you can scope as professional services.
Technical Debt Scoring
Every repository gets a Technical Debt Score — a 0–100 number where higher means more debt. The score is broken down into seven categories, each scored independently.
The Seven Debt Categories
| Category | What It Measures |
|---|---|
| Code Quality | Code complexity, duplication, length of functions, anti-patterns detected in files |
| Dependency Health | Outdated packages, deprecated packages, known CVEs in dependencies |
| Documentation | Presence and quality of README, inline docs, API documentation |
| Test Coverage | Presence of test files, test-to-code ratio, CI test jobs |
| Architecture | Presence of configuration management, infrastructure-as-code, separation of concerns |
| Security | Secret scan findings, branch protection, 2FA enforcement, access control issues |
| CI/CD Health | Presence of CI workflows, build health, deployment automation |
Each category produces:
- A score (0–100, where 0 is ideal and 100 is worst)
- A list of issues with severity, description, file path (if applicable), and estimated remediation effort in hours
- Whether each issue is auto-fixable (e.g., updating a package version is auto-fixable; refactoring a 500-line function is not)
Overall Debt Score
The overall Technical Debt Score is a weighted composite of the seven categories. The weighting prioritizes security and dependency health more heavily because they represent actual risk, not just quality preferences.
Interpretation:
- 0–30 — Low debt. Well-maintained codebase, minor cleanup items.
- 31–60 — Moderate debt. Noticeable issues that will slow development if left unaddressed.
- 61–80 — High debt. Significant risk to development velocity and stability.
- 81–100 — Critical debt. The codebase has structural problems that need urgent attention.
Generating a Debt Analysis
- Navigate to the repository detail page
- Click Analyze Tech Debt under the Optimize section
- The One Code reads relevant files from GitHub and runs the debt analyzer
- Results appear within 1–3 minutes
The Debt Report
The debt report includes:
Per-category scores — A breakdown showing which categories are driving the most debt.
Top Issues — The highest-priority issues across all categories, sorted by severity × impact. Each issue includes:
- Severity (critical, high, medium, low)
- Category
- Title and description
- File path and specific location (where applicable)
- Estimated remediation effort in hours
- Whether it's auto-fixable
Remediation Plan — A prioritized, ordered list of remediation steps. Each step includes:
- Priority order (1 = do first)
- Title and description
- Estimated hours
- Impact rating (critical, high, medium, low)
- Category
Estimated Total Effort — The sum of all remediation hour estimates. This is the input for scoping a "technical debt reduction" professional services engagement.
Dead App Detection
The dead app detector identifies repositories that may be abandoned, unmaintained, or candidates for archiving. This helps MSPs have productive conversations with clients about cleaning up their codebase inventory.
Dead App Indicators
For each repository, the detector computes:
| Indicator | What It Measures |
|---|---|
last_commit_days_ago | Days since the last commit to any branch |
open_issues | Number of unresolved issues |
has_ci | Whether any CI/CD workflow files are present |
dependency_age_months | Average age of dependencies in months |
contributors_active_90d | Number of contributors who committed in the last 90 days |
is_archived | Whether the repo is marked archived on GitHub |
dead_score | Composite score from the above indicators |
Recommendations
Based on the dead score and indicators, the system makes one of five recommendations:
| Recommendation | Meaning |
|---|---|
active | The repo is being actively developed |
maintenance | The repo is in maintenance mode — receives fixes but no new features |
stale | The repo hasn't been updated in a while but may still be in use |
sunset | The repo shows strong indicators of being unused — discuss archiving with client |
dead | The repo is almost certainly abandoned — recommend archiving or deletion |
sunset and dead repos are worth a conversation with the client. Often they represent applications that were replaced but never formally decommissioned, or projects that stalled and the client forgot about.
Dependency Analysis
See the Dependency Audit and SBOM page for full coverage of the dependency analysis capabilities. Within the context of the Optimize module, the dependency analysis feeds into:
- The Dependency Health category of the tech debt score
- The Remediation Plan (outdated packages with known fixes are auto-fixable items)
- Migration recommendations (see below)
Migration Intelligence
Migration Intelligence identifies specific, actionable upgrade paths for outdated frameworks, runtimes, and infrastructure choices.
What It Analyzes
The migration engine looks at:
- Framework version (e.g., React 17 → 18, Angular 14 → 17)
- Runtime version (e.g., Node 16 → 20, Python 3.9 → 3.12)
- Language version (e.g., TypeScript 4 → 5)
- Infrastructure choices (e.g., Azure Functions v3 → v4)
- Dependencies with EOL dates or critical security fixes requiring major version bumps
Migration Path Details
For each identified migration path:
| Field | Description |
|---|---|
| Component | What needs updating (e.g., "React") |
| From version | Current version |
| To version | Target version |
| Urgency | Critical (EOL or active CVE), recommended, optional |
| Effort hours | Estimated work to complete the migration |
| Risk level | Low / medium / high (based on breaking changes) |
| Breaking changes | Specific breaking changes documented for this migration path |
| Migration steps | Step-by-step instructions |
| Automated tooling | Any codemods or migration tools available (e.g., react-codemod, ng update) |
| EOL date | When the current version loses vendor support |
Triggering Migration Analysis
- Navigate to the repository detail page
- Click Analyze Migration Paths
- The analysis combines the application profile, tech debt report, and dependency tree
- Results appear within 1–2 minutes
The Migration Dashboard
Navigate to Optimization → Migration Dashboard to see migration work across all repos:
- Critical migrations — EOL components or components with active exploits
- Total effort hours — Cross-portfolio estimate of migration work
- By component — How many repos need each type of migration
- Timeline — EOL dates to understand urgency
Use this dashboard to build out a multi-client migration roadmap — a valuable professional services pipeline item for a growing MSP.
Creating PSA Projects from Migration Recommendations
Migration recommendations can become PSA project tickets:
- Navigate to a migration recommendation
- Click Create PSA Project
- The PSA project is created with:
- Finding type:
migration_recommendation - Severity based on urgency (critical urgency → high priority)
- Description including the migration path, breaking changes, and effort estimate
- Migration steps pre-populated in the ticket body
- Finding type:
- Select assignee and milestone
- Click Create
This creates a billable work item in PSA with full context from the Code analysis.
The Optimization Dashboard
Navigate to Optimization to see the cross-repo Optimize module overview:
- Average debt score across all repos
- Worst repos — the repositories with the highest debt scores (most need attention)
- Total remediation hours — how much work is in the backlog across all clients
- Trending — whether portfolio-wide debt is improving, stable, or worsening
- Top issues by category — where the most debt is concentrated across the portfolio
The trending indicator compares the current average debt score to the previous analysis cycle. A worsening trend is a signal that technical debt is accumulating faster than it's being addressed.
Using Optimization for Professional Services
The Optimize module generates the evidence you need to scope and sell technical debt reduction services:
- Identify the largest debtors — Use the Optimization Dashboard to find which client repos have the highest scores
- Quantify the work — The remediation plan gives you an hour estimate broken down by category
- Prioritize by business risk — Sort by security and dependency health categories first
- Present at the QBR — Include the debt score trend in the Application Review report
- Create a project proposal — Convert the remediation plan into a PSA project
A client seeing their tech debt score trending from 45 to 62 over six months is a much more compelling conversation starter than "your code is getting old."