Tembo periodically analyzes your codebase to find technical debt, security vulnerabilities, and refactoring opportunities, then submits PRs for quick wins.

How it works

1. Scheduled scan: An automation runs on a schedule (daily, weekly, or monthly) and scans your codebase for issues.
2. Issues identified: The agent finds stale TODOs, security vulnerabilities, outdated dependencies, duplicated code, and other debt.
3. PRs submitted: For quick wins, the agent opens PRs with fixes. For larger issues, it creates tickets in Linear or Jira with implementation plans.

Set up tech debt automation

Security vulnerability scan

Trigger: Daily or weekly
MCP Servers: GitHub, Linear
Scan the codebase for:
- SQL injection vulnerabilities
- XSS vulnerabilities
- Hardcoded secrets or credentials
- Authentication and authorization flaws

Create Linear tickets for each finding with severity ratings.
Generate fix PRs for critical issues.

Stale TODO cleanup

Trigger: Weekly
MCP Servers: GitHub
Find all TODO, FIXME, and HACK comments in the codebase.
For each one that's older than 30 days:
1. Determine if it's still relevant
2. If it's a quick fix, open a PR to resolve it
3. If it needs discussion, create an issue
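The age check behind this template (find marker comments, keep those older than 30 days), as an added example rather than Tembo's own code: it parses `git blame --line-porcelain` output, so a comment's age is the date of the commit that last touched its line. The sample blame text and the `NOW` timestamp are constructed; `blame()` assumes `git` is on PATH and the working directory is inside the repository.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone

# Markers the template looks for, matched as whole words.
MARKERS = re.compile(r"\b(TODO|FIXME|HACK)\b")
# Start of a porcelain block: <sha> <orig_line> <final_line> [<count>]
HEADER = re.compile(r"^[0-9a-f]{40} \d+ (\d+)")

def stale_markers(blame_text, now, max_age_days=30):
    """Return marker comments in `git blame --line-porcelain` output whose
    last-modifying commit is older than max_age_days relative to `now`."""
    cutoff = now - timedelta(days=max_age_days)
    found, line_no, author_time = [], None, None
    for raw in blame_text.splitlines():
        if m := HEADER.match(raw):
            line_no, author_time = int(m.group(1)), None
        elif raw.startswith("author-time "):
            # Unix epoch of the commit that last touched this line
            author_time = datetime.fromtimestamp(int(raw.split()[1]), tz=timezone.utc)
        elif raw.startswith("\t"):  # the source line itself
            text = raw[1:].strip()
            if (mk := MARKERS.search(text)) and author_time and author_time < cutoff:
                found.append({"line": line_no, "marker": mk.group(1),
                              "age_days": (now - author_time).days, "text": text})
    return found

def blame(path):
    """Run git blame on a tracked file; the cwd must be inside the repository."""
    return subprocess.run(["git", "blame", "--line-porcelain", "--", path],
                          capture_output=True, text=True, check=True).stdout

# Constructed sample of porcelain output (not from a real repository):
# line 1 was committed 2024-01-01, lines 2 and 3 on 2024-02-20, line 3 has no marker.
SAMPLE_BLAME = (
    "0123456789abcdef0123456789abcdef01234567 1 1 1\nauthor Alice\n"
    "author-time 1704067200\nsummary add retry\n\t# TODO: drop this retry once API v2 ships\n"
    "fedcba9876543210fedcba9876543210fedcba98 2 2 1\nauthor Bob\n"
    "author-time 1708387200\nsummary fix parse\n\t# FIXME: handle empty payload\n"
    "fedcba9876543210fedcba9876543210fedcba98 3 3 1\nauthor Bob\n"
    "author-time 1708387200\nsummary fix parse\n\treturn parse(payload)\n"
)
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)  # constructed reference date

if __name__ == "__main__":
    for hit in stale_markers(SAMPLE_BLAME, NOW):
        print(f"line {hit['line']}: {hit['marker']} ({hit['age_days']} days) {hit['text']}")
```

Only the TODO on line 1 is reported at the 30-day threshold; the FIXME from ten days earlier is skipped, which is the distinction the template relies on before deciding between a fix PR and an issue.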

Dependency updates

Trigger: Monthly
MCP Servers: GitHub
Check for outdated dependencies.
For each outdated package:
1. Check the changelog for breaking changes
2. Update the dependency
3. Run tests to verify compatibility
4. Open a PR with a summary of changes

Best practices

  • Start weekly: Run scans weekly to build a habit of reviewing and merging debt-reduction PRs.
  • Prioritize security: Set security scans to run more frequently than cosmetic cleanup.
  • Scope by directory: Focus on one area of your codebase at a time rather than scanning everything at once.