How PR Scanning Works
PR scanning analyzes only the code changes in a pull request, which is faster than a full repository scan.
Differential Analysis
CodeThreat scans:
- ✅ Modified files
- ✅ New files
- ✅ Changed lines and surrounding context
- ❌ Unchanged files (skipped for speed)
Enable PR Scanning
PR Check Status
CodeThreat appears as a status check on pull requests:
| Status | Description | Actions |
|---|---|---|
| ⏳ Pending | Scan in progress | Wait for completion (typically 1-2 min) |
| ✅ Success | No blocking violations | Safe to merge |
| ❌ Failed | Security issues found | Review and fix violations |
| ⚠️ Warning | Non-blocking issues | Consider fixing before merge |
Pass/Fail Criteria
Configure what causes a PR check to fail:
- Fail on Critical: Yes
- Fail on High: Yes
- Fail on Medium: No
- Fail on Low: No
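The two mechanisms above (scanning only the changed lines of a diff, then applying the fail-on thresholds to what is found there) can be illustrated together. The following is an added example written for this page; it is not CodeThreat's own code and does not call its API. It parses a constructed unified diff to work out which new-side lines are in scope (changed lines plus a configurable number of surrounding context lines; the page does not say how much context CodeThreat uses, so the `context` parameter is an assumption), drops any findings outside that scope, and then applies the default pass/fail criteria listed above to decide the check status. The finding records are constructed sample output from a hypothetical scanner.

```python
import re
from collections import defaultdict

# Constructed unified diff (sample input for this example, not from any real project).
# The first hunk replaces a parameterised query with string concatenation so that
# a finding lands on a changed line; the second hunk adds a brand-new file.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,4 @@ def get_user(conn, user_id):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
+    query = "SELECT * FROM users WHERE id = " + user_id
+    cur.execute(query)
     return cur.fetchone()
diff --git a/app/new_helper.py b/app/new_helper.py
new file mode 100644
--- /dev/null
+++ b/app/new_helper.py
@@ -0,0 +1,2 @@
+def helper():
+    return 1
"""

# Constructed findings as a hypothetical scanner might report them (file, new-side line, severity).
# The second one sits on an unchanged line and should be ignored by a differential scan.
SAMPLE_FINDINGS = [
    {"file": "app/db.py", "line": 11, "severity": "critical", "rule": "sql-injection"},
    {"file": "app/db.py", "line": 3, "severity": "high", "rule": "hardcoded-secret"},
    {"file": "app/new_helper.py", "line": 1, "severity": "low", "rule": "missing-docstring"},
]

# Default pass/fail criteria as listed on the page.
FAIL_ON = {"critical": True, "high": True, "medium": False, "low": False}

# Matches a hunk header and captures the starting line number on the new side.
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def parse_diff(diff_text):
    """Walk a unified diff and return (changed lines, all new-side lines seen, new files) per file."""
    changed = defaultdict(set)   # file -> new-side line numbers that were added/modified
    seen = defaultdict(set)      # file -> every new-side line number present in a hunk
    new_files = set()
    current = None
    new_line = 0
    old_is_devnull = False
    for raw in diff_text.splitlines():
        if raw.startswith("--- "):
            old_is_devnull = raw[4:].strip() == "/dev/null"
            continue
        if raw.startswith("+++ "):
            current = raw[4:].strip()
            if current.startswith("b/"):
                current = current[2:]
            if old_is_devnull:
                new_files.add(current)
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))
            continue
        if current is None or raw.startswith(("diff ", "index ", "new file", "deleted file", "\\")):
            continue
        if raw.startswith("+"):
            changed[current].add(new_line)
            seen[current].add(new_line)
            new_line += 1
        elif raw.startswith("-"):
            pass  # removed line exists only on the old side; nothing to scan
        else:
            seen[current].add(new_line)  # unchanged context line
            new_line += 1
    return changed, seen, new_files


def compute_scope(diff_text, context=2):
    """Lines to scan: changed lines plus hunk context within `context` lines of a change."""
    changed, seen, new_files = parse_diff(diff_text)
    scope = {}
    for path, lines in changed.items():
        scope[path] = {l for l in seen[path] if any(abs(l - c) <= context for c in lines)}
    return scope, new_files


def in_scope(findings, scope):
    """Keep only findings that fall on a line a differential scan would look at."""
    return [f for f in findings if f["line"] in scope.get(f["file"], set())]


def evaluate_check(findings, fail_on=FAIL_ON):
    """Map the in-scope findings to the PR check status used on the page."""
    if any(fail_on.get(f["severity"], False) for f in findings):
        return "Failed"     # blocking violation present
    if findings:
        return "Warning"    # only non-blocking issues
    return "Success"


def run_pr_check(diff_text, findings, fail_on=FAIL_ON, context=2):
    scope, _ = compute_scope(diff_text, context)
    relevant = in_scope(findings, scope)
    return evaluate_check(relevant, fail_on), relevant


if __name__ == "__main__":
    status, relevant = run_pr_check(SAMPLE_DIFF, SAMPLE_FINDINGS)
    print(status, [(f["file"], f["line"], f["severity"]) for f in relevant])
```

With the default criteria the critical finding on the rewritten query line fails the check, the high-severity finding on an untouched line is ignored, and the low-severity note in the new file would on its own only yield a Warning. Setting every fail-on flag to No turns the same result into a Warning rather than a pass, which is the reason the Warning status exists as a distinct outcome.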
PR Comments
When enabled, CodeThreat posts comments directly on your pull request.
Summary Comment
Posted at the PR level with overall results:
- Security status
- Summary of violations found
- Top issues list
- Link to full results
Inline Comments
Posted on specific lines with vulnerabilities:
- Issue description
- Security impact
- Fix recommendations
- Code examples
Resolving Comments
- Fix the vulnerability in your code
- Push the fix
- PR re-scans automatically
- If the issue is fixed, the comment auto-resolves
Branch Protection
Prevent merging vulnerable code with branch protection rules.
GitHub Branch Protection
Best Practices
- Enable PR scanning for all repositories
- Use branch protection to enforce security gates
- Review PR comments promptly
- Fix critical issues before merging
- Use AI PR reviews for deeper analysis
Next Steps
- AI PR Reviews: Enable intelligent PR analysis
- Automated Scanning: Set up continuous scanning
