Skip to content

AI Secure Code Review

Actions

About

Automated AppSec code review on PR changes using a ChatGPT-compatible API
v1.0.2
Latest
Star (2)

AI Secure Code Review Action

GitHub Marketplace

Automated Application Security code review on Pull Request changes only.
Runs in under 2 minutes and posts a concise, actionable comment back to the PR.

Features

  • Reviews only changed hunks — fast and relevant
  • Identifies risks: injection, secrets, auth/z gaps, insecure configs
  • Structured output: Risk summary, findings, safeguards checklist
  • Works with OpenAI, OpenRouter, or any ChatGPT-compatible endpoint

Required permissions

  • contents: read — fetch PR diff
  • pull-requests: write — update a single comment

Usage

name: Secure Code Review
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: DevSecOps-AppSec/ai-secure-code-review-action@v1.0.2
        with:
          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
          model: gpt-4o-mini
          time_budget_seconds: 90
          max_files: 20
          max_lines: 1000

AI Secure Code Review is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

Automated AppSec code review on PR changes using a ChatGPT-compatible API
v1.0.2
Latest

AI Secure Code Review is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.