🦉 AI-Powered Code Reviews for Best Practices & Security Issues Across Languages
AI-CodeWise GitHub Action: Your AI-powered Code Reviewer!
- 🧠 Triggers on pull requests, sending code diffs to StepSecurity API & using Azure OpenAI API for code analysis
- 🔒 Pull request comments via StepSecurity bot, pinpointing issues to enhance code quality & tackle security risks
To use AI-CodeWise, add this GitHub Actions workflow to your repositories:

```yaml
name: Code Review
on:
  pull_request:
permissions:
  contents: read
jobs:
  code-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
      - name: Code Review
        uses: step-security/ai-codewise@v1
```
When you create a pull request in the repository, the workflow will get triggered and add a pull request comment. The comment will be added even if the pull request is from a fork. Here is a screenshot of what the comment will look like:
The bot solely generates code comments; it does not approve or block PRs based on its suggestions. The action passes once the code comments are posted in the PR discussion.
🌟 AI-CodeWise: Outshining rule-based scanners with:
- All-in-One Review 🌐: Detects code smells, best practice violations, & security issues across languages for versatile code review.
- Unforeseen Issue Detection 🎯: AI-powered for discovering issues that rule-based systems might miss, ensuring thorough code analysis.
- Fix Suggestions 🔧: Offers code change suggestions directly in PR comments, empowering devs to resolve issues efficiently, boosting code quality & security.
Here are a few example pull requests with PR comments from AI-CodeWise:
- Terraform file with multiple security issues
- Java code vulnerable to XML external entities attacks
- JavaScript code vulnerable to open redirect
- Python code vulnerable to server-side request forgery (SSRF)
- C# code vulnerable to command injection
To try it out, you can also create a pull request in our demo repository. https://github.com/step-security/ai-codewise-demo
To use AI-CodeWise on a private repository, please join the beta.
- AI-CodeWise will only review changes if the total number of file changes in a pull request is less than 10.
- AI-CodeWise will only review changes in a file if the total number of characters in that file's diff is less than approximately 10K.
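Because a pull request that exceeds these limits gets no AI review (or only a partial one) without the workflow failing, it is worth knowing before merging which files the reviewer actually covered. The following is an added example, not code from the AI-CodeWise project: it splits a `git diff` style unified diff into per-file sections and reports which files fall within the two limits above. The exact threshold semantics (strict "less than", and characters counted over a file's own diff text including its headers) are assumptions made here, not documented behaviour; the sample diff is constructed.

```python
"""Pre-check a unified diff against AI-CodeWise's documented review limits.

Added example, not part of the AI-CodeWise project. Splits a unified diff
into per-file sections and reports which files would be reviewed:
  * fewer than 10 changed files in the pull request, otherwise nothing is reviewed;
  * fewer than roughly 10,000 characters of diff per file, otherwise that file is skipped.
Assumptions: strict "less than" at both limits, and the per-file count is taken
over the file's own diff section (headers included).
"""
import re

MAX_FILES = 10                # README: "less than 10" file changes
MAX_FILE_DIFF_CHARS = 10_000  # README: "less than approximately 10K" characters per file

# One section per file starts at a "diff --git a/<path> b/<path>" header.
_FILE_HEADER = re.compile(r"^diff --git a/(?P<a>\S+) b/(?P<b>\S+)$", re.M)


def split_diff(diff_text: str) -> dict[str, str]:
    """Map each changed file path (the b/ side) to its section of the diff."""
    sections = {}
    matches = list(_FILE_HEADER.finditer(diff_text))
    for i, m in enumerate(matches):
        start = m.start()
        end = matches[i + 1].start() if i + 1 < len(matches) else len(diff_text)
        sections[m.group("b")] = diff_text[start:end]
    return sections


def review_coverage(diff_text: str) -> dict:
    """Return which files AI-CodeWise would review and why the others are skipped."""
    sections = split_diff(diff_text)
    if len(sections) >= MAX_FILES:
        # Whole-PR limit: nothing in the pull request is reviewed.
        return {
            "reviewed": [],
            "skipped": sorted(sections),
            "reason": f"{len(sections)} files changed (limit: fewer than {MAX_FILES})",
        }
    reviewed, skipped = [], []
    for path, section in sections.items():
        # Per-file limit: oversized sections (e.g. minified or generated files) are skipped.
        (reviewed if len(section) < MAX_FILE_DIFF_CHARS else skipped).append(path)
    return {"reviewed": reviewed, "skipped": skipped, "reason": None}


# Constructed sample diff: two small source changes plus one oversized vendored file.
SAMPLE_DIFF = (
    "diff --git a/app/server.py b/app/server.py\n"
    "--- a/app/server.py\n+++ b/app/server.py\n"
    "@@ -1,1 +1,3 @@\n import requests\n+def fetch(url):\n+    return requests.get(url).text\n"
    "diff --git a/README.md b/README.md\n"
    "--- a/README.md\n+++ b/README.md\n"
    "@@ -1,1 +1,2 @@\n # demo\n+Added fetch helper.\n"
    "diff --git a/vendor/bundle.min.js b/vendor/bundle.min.js\n"
    "--- a/vendor/bundle.min.js\n+++ b/vendor/bundle.min.js\n"
    "@@ -0,0 +1 @@\n"
    + "+" + "x" * 12_000 + "\n"
)

if __name__ == "__main__":
    result = review_coverage(SAMPLE_DIFF)
    print("reviewed:", result["reviewed"])
    print("skipped: ", result["skipped"], "| reason:", result["reason"])
```

Run it against the output of `git diff origin/main...HEAD` to see which files the bot would skip; a vendored bundle or lock file that blows past the per-file limit is a common reason a risky change in the same PR goes unreviewed, and pushing ten or more files at once means none of them are reviewed.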