GitHub Review Agent performs security reviews on pull requests. It analyzes code changes for vulnerabilities and posts findings as inline review comments directly on the PR, integrating security review into the development workflow.

What it does

  • PR security review: scans changed code for vulnerabilities including injection flaws, insecure configurations, authentication issues, and logic errors
  • Inline comments: posts findings as review comments on the specific lines where issues occur
  • Finding verification: re-checks each finding independently before it is reported, to reduce false positives
  • GitHub issue creation: opens a GitHub issue for each confirmed finding that needs tracking beyond the PR
  • Incremental reviews: when a PR is updated, reviews only the new changes rather than re-reviewing code it has already seen
  • Repository configuration: respects repo-level configuration for review tone, severity thresholds, gating rules, and path exclusions
  • Nuclei review guidance: uses Nuclei review guides for structured vulnerability detection patterns
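The mechanics behind the "changed code", "inline comments" and "severity thresholds, gating rules" bullets can be shown in a few dozen lines. The following is an added illustration, not the agent's own code: it parses a unified diff to find which new-side lines a PR touches, drops findings that fall outside those lines or below a severity threshold, and shapes the rest as the payload GitHub's pull-request review endpoint (`POST /repos/{owner}/{repo}/pulls/{number}/reviews`) accepts for inline comments. The diff, the findings, the `Finding` class, the severity scale and the `gate` rule are all constructed for the example.

```python
"""Added illustration: keep only findings on lines a PR changed, apply a
severity threshold and gate, and shape them as GitHub inline review comments.
This is not the GitHub Review Agent's own code."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Unified-diff hunk header; group 1 is the first line number on the new side.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def changed_lines(diff_text: str) -> dict[str, set[int]]:
    """Return {path: {new-side line numbers that were added or modified}}."""
    changed: dict[str, set[int]] = {}
    path = None
    new_line = 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-side file header
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            changed.setdefault(path, set())
            continue
        if raw.startswith("--- "):            # old-side file header
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if path is None:
            continue
        if raw.startswith("+"):               # added line: has a new-side number
            changed[path].add(new_line)
            new_line += 1
        elif raw.startswith("-") or raw.startswith("\\"):
            pass                              # removed line or "\ No newline" marker
        else:                                 # context line
            new_line += 1
    return changed


@dataclass(frozen=True)
class Finding:          # hypothetical finding record for this example
    path: str
    line: int
    severity: str       # "low" | "medium" | "high" | "critical"
    message: str


SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}  # assumed scale


def filter_findings(findings: list[Finding], changed: dict[str, set[int]],
                    min_severity: str = "low") -> list[Finding]:
    """Keep findings that sit on a changed line and meet the severity threshold."""
    threshold = SEVERITY_RANK[min_severity]
    return [f for f in findings
            if SEVERITY_RANK[f.severity] >= threshold
            and f.line in changed.get(f.path, set())]


def build_review(findings: list[Finding], gate: str = "high") -> dict:
    """Shape findings as a GitHub pull-request review payload.

    Each comment carries path/line/side so GitHub anchors it inline; the review
    requests changes when any finding reaches the (assumed) gate severity.
    """
    comments = [{"path": f.path, "line": f.line, "side": "RIGHT",
                 "body": f"**{f.severity.upper()}**: {f.message}"} for f in findings]
    blocking = any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[gate] for f in findings)
    return {"event": "REQUEST_CHANGES" if blocking else "COMMENT",
            "body": f"{len(comments)} finding(s) on changed lines.",
            "comments": comments}


# Constructed sample PR diff: a parameterised query replaced by string concatenation.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    # TODO: fix
+    query = "SELECT * FROM users WHERE name = '" + name + "'"
+    cur.execute(query)
     return cur.fetchone()
"""

# Constructed findings: one on a changed line, one on an untouched line, one in a file not in the PR.
SAMPLE_FINDINGS = [
    Finding("app/db.py", 12, "high", "SQL built by string concatenation; use a parameterised query."),
    Finding("app/db.py", 3, "low", "Unused import."),
    Finding("app/auth.py", 40, "critical", "Password compared with ==."),
]

if __name__ == "__main__":
    kept = filter_findings(SAMPLE_FINDINGS, changed_lines(SAMPLE_DIFF))
    print(json.dumps(build_review(kept), indent=2))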

How it fits in

GitHub Review Agent is triggered automatically on pull requests via the GitHub integration. See the GitHub integration page for setup instructions. It can also be invoked manually by asking Neo to review a specific PR.