AI Reviews

Overview

The AI Reviews page lets you configure, trigger, and monitor AI-powered security reviews on GitHub pull requests. The AI reviewer analyzes code changes and posts inline comments with security findings.

Summary Cards

At the top of the page, summary cards display key statistics at a glance:

  • Total Reviews — the total number of AI reviews performed.
  • Completed — reviews that finished successfully.
  • Failed — reviews that encountered an error.
  • Total Findings — the cumulative number of security findings across all reviews.
  • Avg Findings/Review — the average number of findings per completed review.
  • Repos Enabled — the number of repositories with AI reviews turned on.

Configuring Repositories

Click Configure to show the configuration panel (available to analysts and admins). You can filter the repository list by organization, then configure each repository individually with the following options:

  • Enabled — toggle AI reviews on or off for the repository.
  • Auto-Comment — when enabled, findings are posted as inline PR comments on GitHub.
  • Dry Run — analyze the pull request but do not post any comments.
  • Severity Threshold — set the minimum severity level to report. Options are: critical, high, medium, or low. Findings below the threshold are not reported.

Use the Enable All checkbox to bulk-toggle reviews for every repository in the filtered list.
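The four per-repository options interact: Enabled decides whether a pull request is analyzed at all, Severity Threshold decides which findings are reported, and Auto-Comment together with Dry Run decides whether the reported findings reach GitHub as inline comments. The following is an added example written for this page, not the product's own code; it models those settings in Python so the decision logic can be read in one place. The severity ordering (critical above high above medium above low), the data model, and the function names are assumptions, and the findings are constructed sample data.

```python
"""Added example: models the per-repository AI review settings described on
this page (Enabled, Auto-Comment, Dry Run, Severity Threshold) and shows how
they decide which findings are reported and whether comments are posted.
Illustrative code, not the product's implementation; names are assumptions."""
from dataclasses import dataclass, field

# Severity ordering: index 0 is the most severe. Assumed ordering of the
# four levels named on the page.
SEVERITY_ORDER = ("critical", "high", "medium", "low")


@dataclass(frozen=True)
class RepoConfig:
    enabled: bool = True
    auto_comment: bool = True
    dry_run: bool = False
    severity_threshold: str = "low"  # minimum severity to report

    def __post_init__(self):
        if self.severity_threshold not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity threshold: {self.severity_threshold!r}")


@dataclass(frozen=True)
class Finding:
    title: str
    severity: str
    file_path: str
    line: int


@dataclass
class ReviewOutcome:
    status: str                                   # "completed" or "skipped"
    reported: list = field(default_factory=list)  # findings at or above threshold
    comments_posted: bool = False                 # would inline PR comments be posted?


def meets_threshold(severity: str, threshold: str) -> bool:
    """True if `severity` is at least as severe as `threshold`."""
    return SEVERITY_ORDER.index(severity) <= SEVERITY_ORDER.index(threshold)


def apply_config(cfg: RepoConfig, findings):
    """Filter findings by the repository's threshold and decide whether to comment."""
    if not cfg.enabled:
        # Disabled repositories are not analyzed; the review is skipped.
        return ReviewOutcome(status="skipped")
    reported = [f for f in findings if meets_threshold(f.severity, cfg.severity_threshold)]
    # Comments reach GitHub only when Auto-Comment is on and Dry Run is off.
    post = cfg.auto_comment and not cfg.dry_run
    return ReviewOutcome(status="completed", reported=reported, comments_posted=post)


def severity_breakdown(findings):
    """Counts per severity level, as shown in the Review History column."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample findings (not output from any real review).
SAMPLE_FINDINGS = [
    Finding("SQL query built with string concatenation", "critical", "app/db.py", 42),
    Finding("Hard-coded API token", "high", "app/config.py", 7),
    Finding("Missing HttpOnly flag on session cookie", "medium", "app/session.py", 19),
    Finding("Verbose error message", "low", "app/errors.py", 3),
]

if __name__ == "__main__":
    cfg = RepoConfig(dry_run=True, severity_threshold="high")
    out = apply_config(cfg, SAMPLE_FINDINGS)
    print(out.status, [f.title for f in out.reported], out.comments_posted)
    print(severity_breakdown(out.reported))
```

With Dry Run on and the threshold set to high, the two most severe sample findings are reported but no comments would be posted; the same configuration with Dry Run off would post them, and a disabled repository yields a skipped review regardless of the other settings.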

Open Pull Requests

This section shows pull requests from enabled repositories. The table includes the following columns:

  • Repository — the repository name.
  • PR Number — a clickable link that opens the pull request on GitHub.
  • PR Title — the title of the pull request.
  • Author — the GitHub user who opened the PR.
  • Updated — the date the PR was last updated.
  • Review Status — the current status of the AI review: pending, in_progress, completed, failed, or skipped.

Analysts and admins can click Review to trigger a new analysis, or Re-Review to re-run an analysis that has already been performed. The page displays the next auto-sync timestamp and includes a Refresh button to reload the list manually.

Review History

The review history table can be filtered by repository and status. It displays the following columns:

  • Repository — the repository name.
  • PR Number with Title — the PR number alongside its title.
  • Author — the PR author.
  • Status — a badge indicating the review status.
  • Findings Count — the total number of findings from the review.
  • Severity Breakdown — badges showing the count of findings at each severity level: critical, high, medium, and low.
  • Reviewed — the timestamp when the review was completed.

Review Details

Click any review row to expand its details. If the review failed, the error message is displayed. For completed reviews, a list of findings is shown. Each finding includes:

  • Title — a short description of the finding.
  • File Path with Line Numbers — the exact location in the source code.
  • Category and CWE ID — the vulnerability category and its CWE identifier.
  • Description — a detailed explanation of the issue.
  • Why It Is Risky — the potential impact if left unaddressed.
  • OWASP Reference — the related OWASP category or guideline.
  • Remediation Guidance — step-by-step instructions on how to fix the issue.
  • Secure Code Example — a corrected code snippet demonstrating the fix.