Releases: DevSecOps-AppSec/ai-secure-code-review-action
Releases · DevSecOps-AppSec/ai-secure-code-review-action
Release list
v1.0.2
v1.0.2 – Expanded Secure Code Review Coverage
What’s New
Added coverage for cryptography, SSRF, file uploads, CI/CD workflows, containers, mobile code, and privacy/compliance checks.
Why It Matters
This release makes secure code reviews more comprehensive, structured, and actionable while keeping the output format consistent and developer-friendly.
Upgrade Notes
- No configuration changes required.
- Simply update to v1.0.2 to take advantage of the expanded coverage.
What's Changed
- Improve Prompt by @souro1212 in #4
- Update prompt.txt by @souro1212 in #5
Full Changelog: v1.0.1...v1.0.2
v1.0.1
v1.0.1 — Secure Prompt Update
✨ What’s New
- Strengthened
prompt.txtto improve resilience against:- Prompt injection attempts inside code diffs
- Malicious instructions hidden in comments
- Attempts to exfiltrate secrets through model output
- Clearer system guidance to treat all PR diffs as untrusted input.
- Added safeguards instructing the model to redact secrets if encountered and to ignore external links or code execution requests.
🔒 Why this matters
These changes ensure that the AI reviewer:
- Focuses strictly on changed code hunks.
- Avoids being tricked into leaking secrets or altering behavior.
- Provides more trustworthy and safer reviews in real-world AppSec scenarios.
✅ Impact
- No breaking changes for users.
- Same usage as before:
- uses: DevSecOps-AppSec/ai-secure-code-review-action@v1.0.1
with:
openai_api_key: ${{ secrets.OPENAI_API_KEY }}v1.0.0
Full Changelog: https://github.com/DevSecOps-AppSec/ai-secure-code-review-action/commits/v1.0.0### What’s new
- Initial public release of AI Secure Code Review GitHub Action
- Performs a 2-minute AppSec review of changed PR hunks using a ChatGPT-compatible API
- Posts structured findings as a single, idempotent comment on the PR
- Supports OpenAI, OpenRouter, or other API-compatible backends
Permissions required
contents: read— to fetch diffspull-requests: write— to post the review comment
Usage example
name: Secure Code Review
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
jobs:
review:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: DevSecOps-AppSec/ai-secure-code-review-action@v1.0.0
with:
openai_api_key: ${{ secrets.OPENAI_API_KEY }}
model: gpt-4o-mini
time_budget_seconds: 90
max_files: 20
max_lines: 1000