Pull Request Workflow

CodeThreat integrates directly into your pull request workflow to provide security feedback before code is merged. Every PR triggers deterministic scanning (SAST, SCA, Secrets, IaC), False Positive Elimination, and the PR Review Agent for complete security coverage.

Why PR Security Scanning?

  • Shift Left: catch vulnerabilities during code review, not after deployment
  • Fast Feedback: get security insights in minutes, not days
  • Block Vulnerable Code: prevent insecure code from reaching main branches
  • Developer-Friendly: security feedback in your existing workflow

How It Works

1. PR Created: a developer creates or updates a pull request.
2. Scan Triggered: CodeThreat automatically scans the changed files with its deterministic engines (SAST, SCA, Secrets, IaC).
3. Agentic Analysis: False Positive Elimination filters the SAST results, and the PR Review Agent analyzes the changes for security issues.
4. Results Posted:
  • GitHub Check shows pass/fail
  • Summary comment with findings
  • Inline comments on vulnerable code
5. Developer Fixes: the developer addresses the security feedback.
6. Re-Scan: the updated PR is automatically re-scanned.
7. Approval: once the checks pass, the PR can be merged.

Enable PR Integration

  • View PR Scanning setup
  • Enable AI PR Reviews