GuardiAI is an automated code review bot that checks submitted pull requests for potential security vulnerabilities. It utilizes a webhook to receive notifications when pull requests are created, and provides feedback on the code changes to help maintain a secure codebase.
- Listens for pull request events using a webhook.
- Analyzes the code changes in a pull request for potential security vulnerabilities.
- Provides feedback on detected issues, such as SQL injection, insecure file access, or the use of `eval()`.
To set up GuardiAI, follow these steps:

- Clone this repository and install the dependencies:
  - `git clone https://github.com/yourusername/GuardiAI.git`
  - `cd GuardiAI`
  - `npm install`
- Create a `.env.local` file in the root folder and add your GitHub App ID and OpenAI API key:
  - `GITHUB_APP_ID=your_github_app_id`
  - `OPENAI_API_KEY=your_openapi_key`
- Deploy the application to Vercel or a similar platform.
- In your GitHub repository settings, set up a webhook with the following configuration:
  - Payload URL: `https://your-app-url.vercel.app/api/webhook`
  - Content type: `application/json`
  - Secret: `your_github_app_secret`
  - Events: select "Pull requests"
- Once the webhook is set up, GuardiAI will listen for pull request events and provide feedback on code changes.
To test GuardiAI, create a new branch in your repository, make changes to the code, and create a pull request. GuardiAI will automatically analyze the code changes and provide feedback on potential security vulnerabilities.
Contributions are welcome! Feel free to submit issues, feature requests, or pull requests to help improve GuardiAI.
This project is licensed under the MIT License. See the LICENSE file for details.