Get security feedback directly in pull requests to prevent vulnerable code from being merged.

How PR Scanning Works

PR scanning analyzes only the code changed in a pull request, which makes it faster than a full repository scan.

Differential Analysis

CodeThreat scans:
  • ✅ Modified files
  • ✅ New files
  • ✅ Changed lines and surrounding context
  • ❌ Unchanged files (skipped for speed)
Result: Faster scans (30 seconds to 2 minutes) with focused feedback on your changes.

Enable PR Scanning

  1. Open Repository Settings: Repository → Settings → Pull Requests
  2. Enable PR Scanning: toggle Auto-scan on PR to enabled
  3. Configure Options:
     • Post PR comments
     • AI PR reviews
     • Block merge on failure
  4. Save Configuration: click Save to activate PR scanning

PR Check Status

CodeThreat appears as a status check on pull requests:
  • Pending: scan in progress. Action: wait for completion (typically 1-2 min).
  • Success: no blocking violations. Action: safe to merge.
  • Failed: security issues found. Action: review and fix violations.
  • ⚠️ Warning: non-blocking issues. Action: consider fixing before merge.

Pass/Fail Criteria

Configure what causes a PR check to fail:
  • Fail on Critical: Yes
  • Fail on High: Yes
  • Fail on Medium: No
  • Fail on Low: No
Start by failing only on Critical violations, then progressively tighten criteria as your security posture improves.
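As an added illustration of the behaviour described in the Differential Analysis, PR Check Status and Pass/Fail Criteria sections (example code written for this page, not CodeThreat's own scanner, whose result format is not shown here), the following Python models the two decisions a PR check makes: which findings are in scope for a differential scan, derived from the PR's unified diff, and whether the default pass/fail policy turns them into a Failed, Warning or Success status. The Finding record shape, the sample diff and the findings are constructed for the example.

```python
import re
from collections import namedtuple

# Default pass/fail policy from the page: block on Critical and High only.
DEFAULT_POLICY = {"critical": True, "high": True, "medium": False, "low": False}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,(\d+))? @@")
Finding = namedtuple("Finding", "path line severity rule")  # hypothetical record shape

def scanned_lines(diff_text: str) -> dict[str, set[int]]:
    """Per file, the new-side line numbers a differential scan covers: added lines plus hunk context."""
    scope, path, new_line, remaining = {}, None, 0, 0   # remaining = new-side lines left in hunk
    for raw in diff_text.splitlines():
        if remaining == 0 and raw.startswith("+++ "):     # file header: target path
            path = raw[4:].removeprefix("b/")
            scope.setdefault(path, set())
        elif remaining == 0 and raw.startswith("@@"):     # hunk header: new-side start and count
            m = HUNK_RE.match(raw)
            new_line, remaining = int(m.group(1)), int(m.group(2) or 1)
        elif remaining == 0 or raw.startswith(("-", "\\")):
            continue                                      # outside a hunk, removed line, "\ No newline"
        else:                                             # "+" added line or " " context line
            scope[path].add(new_line)
            new_line, remaining = new_line + 1, remaining - 1
    return scope

def check_status(findings, scope, policy=DEFAULT_POLICY):
    """Keep in-scope findings only; Failed if any must fail, Warning if only non-blocking ones, else Success."""
    in_scope = [f for f in findings if f.line in scope.get(f.path, set())]
    blocking = [f for f in in_scope if policy.get(f.severity, False)]
    status = "Failed" if blocking else "Warning" if in_scope else "Success"
    return status, in_scope, blocking

# Constructed sample PR diff: one hunk in app/db.py, new-side lines 11-13 are added.
SAMPLE_DIFF = """\
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def lookup(conn, user):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (user,))
+    query = "SELECT * FROM users WHERE name = '" + user + "'"
+    cur.execute(query)
+    log.debug(query)
     return cur.fetchall()
"""
# Constructed findings: two inside the hunk, two on code the PR did not touch.
SAMPLE_FINDINGS = [
    Finding("app/db.py", 11, "critical", "sql-injection"), Finding("app/db.py", 13, "low", "sensitive-data-in-log"),
    Finding("app/db.py", 3, "high", "hardcoded-secret"), Finding("app/other.py", 5, "critical", "unsafe-deserialization"),
]
```

Running `check_status(SAMPLE_FINDINGS, scanned_lines(SAMPLE_DIFF))` yields Failed with only the two findings inside the hunk in scope; the high-severity finding on untouched line 3 is skipped, which is why branch protection should still be backed by periodic full scans.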

PR Comments

When enabled, CodeThreat posts comments directly on your pull request.

Summary Comment

Posted at the PR level with overall results:
  • Security status
  • Summary of violations found
  • Top issues list
  • Link to full results

Inline Comments

Posted on specific lines with vulnerabilities:
  • Issue description
  • Security impact
  • Fix recommendations
  • Code examples

Resolving Comments

  1. Fix the vulnerability in your code
  2. Push the fix
  3. PR re-scans automatically
  4. If the issue is fixed, the comment auto-resolves

Branch Protection

Prevent merging vulnerable code with branch protection rules.

GitHub Branch Protection

  1. Open Branch Settings: Repository → Settings → Branches → select the branch (e.g., main)
  2. Require Status Checks: enable Require status checks to pass before merging
  3. Select CodeThreat Check: search for and select CodeThreat Security Scan
  4. Save Rules: click Save changes

Best Practices

  • Enable PR scanning for all repositories
  • Use branch protection to enforce security gates
  • Review PR comments promptly
  • Fix critical issues before merging
  • Use AI PR reviews for deeper analysis