PR Security Bot is a GitHub App (bot) that automatically scans pull requests, identifies malicious code, and blocks security threats before they are merged. The bot posts inline PR comments, assigns a security score, and auto-closes PRs that fall below a threshold, helping keep your repository safe from supply chain attacks.
✅ AI-Powered Threat Detection – Scans PRs for potential vulnerabilities and malicious code.
✅ Security Score Assessment – Assigns a security score to every PR to help maintainers make informed decisions.
✅ Automated PR Actions – Auto-closes PRs with a security score below 40, preventing risky merges.
✅ Inline PR Comments – Highlights security risks directly in the code for easy review.
✅ Comprehensive Security Checks:
- Sensitive Data Exposure – Detects hardcoded credentials, API keys, and other sensitive data.
- SQL Injection – Flags potential SQL injection vulnerabilities.
- Command Injection – Identifies risks related to command execution attacks.
- Insecure Configurations – Detects weak security configurations in the code.
- XSS Vulnerabilities – Scans for cross-site scripting (XSS) vulnerabilities.
- Unsafe Deserialization – Flags unsafe object deserialization that could enable deserialization attacks.
- Malicious Packages – Identifies unsafe dependencies in package files.
- Crypto Mining Scripts – Detects unauthorized crypto mining operations.
- Data Exfiltration – Alerts on suspicious data exfiltration attempts.
- Obfuscated Code – Highlights hidden or suspiciously encoded code.
- Suspicious URLs – Warns about links leading to phishing or malicious sites.
- Hardcoded IPs – Flags static IP addresses that may pose security risks.
- Debug Code – Detects leftover debugging or testing code that could be exploited.
This demonstrates how the bot integrates seamlessly with the GitHub workflow, detecting and preventing security issues before a merge.
- Install the GitHub App – Click here to install
- Grant Repository Access – Allow the bot to scan PRs and provide security feedback.
- Configure Settings – Set up thresholds and customize bot behavior.
- Monitor PRs in Real-Time – The bot will start analyzing incoming PRs automatically!
- A new pull request is created 📌
- The bot scans the PR for security threats 🔍
- A security score is assigned (0-100) 📊
- Inline comments highlight potential risks ⚠️
- PR is auto-closed if the score < 40 ❌
- Safe PRs remain open for review ✅
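The scan, score and auto-close loop above, as an added example that is not the bot's own code (its real analysis is LLM-based): a small heuristic scanner in JavaScript over a unified diff that yields inline comment payloads, a 0-100 score and the auto-close decision at the 40-point threshold. The rules, penalty weights and the sample diff are assumptions made for illustration.

```javascript
// Added illustration, not PR Security Bot's own code: a heuristic pass over a unified diff
// yielding inline comment payloads, a 0-100 score, and the auto-close decision at the
// README's threshold of 40. Rules, weights and the sample diff are assumptions.
const CLOSE_THRESHOLD = 40;
// Each rule is a detector applied to one added line, plus the points a hit costs.
const RULES = [
  { id: "Sensitive Data Exposure", re: /(api[_-]?key|secret|password)\s*[:=]\s*["'][^"']+["']/i, penalty: 35 },
  { id: "Command Injection", re: /\b(exec|execSync|spawn)\s*\([^)]*\+/, penalty: 30 },
  { id: "Hardcoded IPs", re: /\b\d{1,3}(\.\d{1,3}){3}\b/, penalty: 15 },
  { id: "Debug Code", re: /\b(console\.log|debugger)\b/, penalty: 5 },
];
// Walk the diff, tracking the current file and new-file line number so each finding
// can be anchored as an inline comment; only added ("+") lines are scanned.
function scanDiff(diff) {
  const findings = [];
  let path = null, line = 0;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ b/")) { path = raw.slice(6); continue; }
    const hunk = /^@@ -\d+(?:,\d+)? \+(\d+)/.exec(raw);
    if (hunk) { line = Number(hunk[1]); continue; }
    if (raw.startsWith("-") || raw.startsWith("\\")) continue; // removed lines have no new-file number
    if (raw.startsWith("+")) {
      for (const r of RULES) if (r.re.test(raw.slice(1))) findings.push({ path, line, id: r.id, penalty: r.penalty });
    }
    line++; // context and added lines both advance the new-file counter
  }
  return findings;
}
// Mirrors the workflow: a comment per finding, a score (100 minus penalties, floored at 0),
// and the close decision against the threshold.
function reviewPullRequest(diff) {
  const findings = scanDiff(diff);
  const score = Math.max(0, 100 - findings.reduce((sum, f) => sum + f.penalty, 0));
  const comments = findings.map((f) => ({ path: f.path, line: f.line, body: `[${f.id}] -${f.penalty} points` }));
  return { score, autoClose: score < CLOSE_THRESHOLD, comments };
}
// Constructed sample diff (not taken from any real pull request).
const SAMPLE_DIFF = [
  "+++ b/src/deploy.js",
  "@@ -10,3 +10,7 @@",
  " const fs = require('fs');",
  "+const API_KEY = 'sk-constructed-example';",
  "+const host = '10.0.0.5';",
  " function deploy(target) {",
  "+  require('child_process').execSync('scp build.tgz ' + target);",
  "+  console.log('deployed to ' + host);",
  " }",
].join("\n");
console.log(JSON.stringify(reviewPullRequest(SAMPLE_DIFF), null, 2));
```

The sample PR accumulates 85 penalty points, lands at a score of 15 and would be auto-closed, while a diff with no hits keeps a score of 100 and stays open.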
- Probot – Framework for building GitHub Apps
- Node.js – JavaScript runtime
- Flask – Python web server handling AI integration
- Gemini LLM, LangChain, FAISS – AI and vector search technologies