AI Secure Code Review Action

Automated Application Security code review on Pull Request changes only.
Runs in under 2 minutes and posts a concise, actionable comment back to the PR.

Features

Reviews only changed hunks — fast and relevant
Identifies risks: injection, secrets, auth/z gaps, insecure configs
Structured output: Risk summary, findings, safeguards checklist
Works with OpenAI, OpenRouter, or any ChatGPT-compatible endpoint

Required permissions

contents: read — fetch PR diff
pull-requests: write — update a single comment

Usage

name: Secure Code Review
on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: DevSecOps-AppSec/ai-secure-code-review-action@v1.0.2
        with:
          openai_api_key: ${{ secrets.OPENAI_API_KEY }}
          model: gpt-4o-mini
          time_budget_seconds: 90
          max_files: 20
          max_lines: 1000

Name		Name	Last commit message	Last commit date
Latest commit History 35 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
package.json		package.json
prompt.txt		prompt.txt
review_pr.js		review_pr.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

AI Secure Code Review Action

Features

Required permissions

Usage

About

Uh oh!

Releases 3

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

AI Secure Code Review Action

Features

Required permissions

Usage

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 3

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Languages

Packages