Skip to content

step-security/ai-codewise

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.github
.github
 
 
images
images
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
apiclient.go
apiclient.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

AI-CodeWise

Maintained by stepsecurity.io License: Apache 2.0

AI-Powered Code Reviews for Best Practices & Security Issues Across Languages

AI-CodeWise GitHub Action is an AI Code Reviewer.

  • It is triggered on a pull request and sends the diff of the code files to the StepSecurity API, which then employs prompt engineering to call the Azure OpenAI API to review the code.

  • AI-CodeWise automatically adds a pull request comment using the StepSecurity bot account.

  • The comment contains detailed information about the identified issues to improve code quality and address potential security vulnerabilities.

Sequence diagram

Usage

To use AI-CodeWise, add this GitHub Actions workflow to your repositories

name: Code Review
on:
  pull_request:
permissions:
  contents: read
jobs:
  code-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 # v2.4.0
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            int.api.stepsecurity.io:443

      - name: Code Review
        uses: step-security/ai-codewise@v1

When you create a pull request in the repository, the workflow will get triggered and add a pull request comment. Here is an screenshot of what the comment will look like:

Comparison with existing SAST and IaC scanners

AI-CodeWise differentiates itself from existing rule-based scanners by offering the following advantages:

  1. Comprehensive Code Review: AI-CodeWise is a single code reviewer tool that can detect code smells, best practice violations, and security issues. Furthermore, it does this across different programming languages, making it a versatile solution for your code review needs.

  2. Unanticipated Issues Detection: By harnessing the power of AI, AI-CodeWise can identify potential problems that traditional rule-based systems may not have considered or anticipated. This ensures a more thorough code analysis and helps prevent potential vulnerabilities from slipping through the cracks.

  3. Suggested Fixes: In addition to identifying issues, AI-CodeWise goes a step further by suggesting code changes to implement fixes directly in the PR comment. These actionable insights empower developers to resolve issues more efficiently, ultimately improving overall code quality and security.

Examples

Here are a few example pull requests with PR comments from AI-CodeWise

Limitations

  • AI-CodeWise will only review changes if the total number of file changes in a pull request is less than 10.
  • AI-CodeWise will only review changes if the total characters in the changes are less than 20K.
  • AI-CodeWise only works for public repositories as of now. To use on a private repository, please join the beta.

About

AI-Powered Code Reviews for Best Practices & Security Issues Across Languages

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

21 stars

Watchers

1 watching

Forks

11 forks
Report repository

Releases 1

v1.0.0 Latest
May 10, 2023

Packages

 
 
 

Contributors 3

Languages