Get security feedback directly in pull requests to prevent vulnerable code from being merged.
How PR Scanning Works
PR scanning analyzes only the code changes in a pull request—faster than full repository scans.
Differential Analysis
CodeThreat scans:
- ✅ Modified files
- ✅ New files
- ✅ Changed lines and surrounding context
- ❌ Unchanged files (skipped for speed)
Result: faster scans (typically 30 seconds to 2 minutes) with feedback focused on your changes. Because unchanged files are not re-analyzed, a PR scan complements rather than replaces periodic full repository scans: a change can alter the behaviour of code it does not touch (for example, a modified function that now feeds untrusted data into an unchanged sink), and code paths running through unchanged files may not be revisited by a diff-scoped scan.
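To make the differential scope concrete, here is an added example (not CodeThreat's own code) showing how a scanner decides which findings belong in a PR: it parses the unified diff of the pull request into added lines and hunk context per file, then keeps only findings that fall on a new file, an added line, or within a small context window around one. The diff text, the findings list and the `context_radius` of two lines are all constructed for the example; the real product's context window and internal representation are not documented on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the unified diff of a pull request, as `git diff` would emit it.
# The change to app/db.py introduces string-built SQL; app/new_helper.py is a brand-new file.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,4 @@ def get_user(conn, username):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = %s", (username,))
+    query = "SELECT * FROM users WHERE name = '%s'" % username
+    cur.execute(query)
     return cur.fetchone()
diff --git a/app/new_helper.py b/app/new_helper.py
new file mode 100644
--- /dev/null
+++ b/app/new_helper.py
@@ -0,0 +1,2 @@
+def helper():
+    return 1
"""

# Constructed sample: findings as a full-repository scan would report them (path, line, rule).
SAMPLE_FINDINGS = [
    {"path": "app/db.py", "line": 12, "rule": "sql-injection"},      # on an added line
    {"path": "app/db.py", "line": 40, "rule": "hardcoded-secret"},   # far from the hunk
    {"path": "app/auth.py", "line": 7, "rule": "weak-hash"},         # file not in the diff
    {"path": "app/new_helper.py", "line": 1, "rule": "new-file-finding"},
]

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


@dataclass
class FileChange:
    path: str
    is_new: bool = False
    added: set = field(default_factory=set)    # new-file line numbers that were added
    context: set = field(default_factory=set)  # unchanged lines shown inside hunks


def parse_unified_diff(text):
    """Map each path in the diff to the lines a PR scan would consider changed."""
    files, current, in_hunk, new_line = {}, None, False, 0
    for line in text.splitlines():
        if line.startswith("diff --git "):
            current = FileChange(path=line.split(" b/", 1)[1])
            files[current.path] = current
            in_hunk = False
            continue
        if current is None:
            continue
        m = HUNK_RE.match(line)
        if m:
            new_line = int(m.group(3))  # first line number on the new side
            in_hunk = True
            continue
        if not in_hunk:
            if line.startswith("new file mode"):
                current.is_new = True
            continue
        if line.startswith("+"):
            current.added.add(new_line)
            new_line += 1
        elif line.startswith("-") or line.startswith("\\"):
            pass  # removed line, or "\ No newline at end of file": no new-side number
        else:
            current.context.add(new_line)
            new_line += 1
    return files


def in_scope(change, line_no, context_radius=2):
    """A finding is in scope if it sits in a new file, on an added line, or within
    context_radius lines of an added line (the 'surrounding context')."""
    if change.is_new or line_no in change.added:
        return True
    return any(abs(line_no - a) <= context_radius for a in change.added)


def scope_findings(findings, diff_text, context_radius=2):
    """Split findings into those a PR scan reports and those it skips."""
    changes = parse_unified_diff(diff_text)
    reported, skipped = [], []
    for f in findings:
        change = changes.get(f["path"])
        if change is not None and in_scope(change, f["line"], context_radius):
            reported.append(f)
        else:
            skipped.append(f)
    return reported, skipped


if __name__ == "__main__":
    reported, skipped = scope_findings(SAMPLE_FINDINGS, SAMPLE_DIFF)
    print("reported:", [f["rule"] for f in reported])
    print("skipped: ", [f["rule"] for f in skipped])
```

Note that the hardcoded secret at `app/db.py:40` and the weak hash in `app/auth.py` are real findings that this PR scan will never surface; they belong to a full repository scan.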
Enable PR Scanning
Open Repository Settings
Repository → Settings → Pull Requests
Enable PR Scanning
Set the Auto-scan on PR toggle to enabled
Configure Options
- Post PR comments
- AI PR reviews
- Block merge on failure
Save Configuration
Click Save to activate PR scanning
PR Check Status
CodeThreat appears as a status check on pull requests:
| Status | Description | Actions |
| --- | --- | --- |
| ⏳ Pending | Scan in progress | Wait for completion (typically 1-2 min) |
| ✅ Success | No blocking violations | Safe to merge |
| ❌ Failed | Security issues found | Review and fix violations |
| ⚠️ Warning | Non-blocking issues | Consider fixing before merge |
Pass/Fail Criteria
Configure what causes a PR check to fail:
- Fail on Critical: Yes
- Fail on High: Yes
- Fail on Medium: No
- Fail on Low: No
Start by failing only on Critical violations (the defaults above also fail on High), then progressively tighten the criteria as your security posture improves. Note that a Warning status is not a gate: findings below the failure threshold are reported but do not block the merge.
When enabled, CodeThreat posts comments directly on your pull request.
Summary comments are posted at the PR level with the overall results:
- Security status
- Summary of violations found
- Top issues list
- Link to full results
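As an added example (not CodeThreat's own code) tying the pass/fail criteria to the check status and the summary comment above: the policy below mirrors the page's defaults (fail on Critical and High), `evaluate_pr` turns a list of findings into the Failed / Warning / Success status from the status table, `tighten` shows the recommended progressive tightening, and `summary_comment` renders the four summary-comment fields. The findings, the results URL and all function names are constructed for illustration.

```python
from collections import Counter

SEVERITIES = ["critical", "high", "medium", "low"]  # highest to lowest

# Mirrors the page's default pass/fail criteria: True means the severity blocks the PR.
DEFAULT_POLICY = {"critical": True, "high": True, "medium": False, "low": False}

# Constructed sample findings for one pull request.
SAMPLE_FINDINGS = [
    {"severity": "high", "rule": "sql-injection", "path": "app/db.py", "line": 12},
    {"severity": "medium", "rule": "weak-hash", "path": "app/auth.py", "line": 7},
    {"severity": "low", "rule": "debug-enabled", "path": "app/settings.py", "line": 3},
]


def evaluate_pr(findings, policy=DEFAULT_POLICY):
    """Return (status, blocking, non_blocking) for a set of findings under a policy.

    failed  : at least one finding has a severity the policy blocks on
    warning : only non-blocking findings were found
    success : no findings at all
    """
    blocking = [f for f in findings if policy.get(f["severity"], False)]
    non_blocking = [f for f in findings if not policy.get(f["severity"], False)]
    if blocking:
        status = "failed"
    elif non_blocking:
        status = "warning"
    else:
        status = "success"
    return status, blocking, non_blocking


def tighten(policy, severity):
    """Progressively tighten a policy: block on `severity` and everything above it."""
    idx = SEVERITIES.index(severity)
    new_policy = dict(policy)
    for s in SEVERITIES[: idx + 1]:
        new_policy[s] = True
    return new_policy


def summary_comment(findings, policy=DEFAULT_POLICY,
                    results_url="https://example.invalid/scans/1", top_n=3):
    """Render the PR-level summary: status, violation counts, top issues, link."""
    status, _, _ = evaluate_pr(findings, policy)
    counts = Counter(f["severity"] for f in findings)
    rank = {s: i for i, s in enumerate(SEVERITIES)}
    top = sorted(findings, key=lambda f: rank[f["severity"]])[:top_n]
    lines = [
        f"Security status: {status.upper()}",
        "Violations: " + ", ".join(f"{counts.get(s, 0)} {s}" for s in SEVERITIES),
        "Top issues:",
    ]
    lines += [f"- [{f['severity']}] {f['rule']} at {f['path']}:{f['line']}" for f in top]
    lines.append(f"Full results: {results_url}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summary_comment(SAMPLE_FINDINGS))
    # After the SQL injection is fixed, only the medium/low findings remain:
    fixed = SAMPLE_FINDINGS[1:]
    print(evaluate_pr(fixed)[0])                                    # warning
    print(evaluate_pr(fixed, tighten(DEFAULT_POLICY, "medium"))[0])  # failed
```

The same findings give a Failed check under the default policy, a Warning once the High finding is fixed, and a Failed check again after tightening the policy to Medium, which is the progression the pass/fail section describes.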
Inline comments are posted on the specific lines where vulnerabilities were found:
- Issue description
- Security impact
- Fix recommendations
- Code examples
To resolve an inline comment:
- Fix the vulnerability in your code
- Push the fix
- The PR re-scans automatically
- If the issue is fixed, the comment auto-resolves
Branch Protection
Prevent merging vulnerable code with branch protection rules.
GitHub Branch Protection
Open Branch Settings
Repository → Settings → Branches → Select branch (e.g., main)
Require Status Checks
Enable Require status checks to pass before merging
Select CodeThreat Check
Search for and select CodeThreat Security Scan. GitHub only lists a status check here after it has reported on the repository at least once, so open a pull request and let one PR scan complete before configuring the rule.
Save Rules
Click Save changes
Best Practices
- Enable PR scanning for all repositories
- Use branch protection to enforce security gates
- Review PR comments promptly
- Fix critical issues before merging
- Use AI PR reviews for deeper analysis
Next Steps