A GitHub Action that uses OpenAI's GPT to identify security and privacy vulnerabilities and comment to the pull requests

obetomuniz/ai-security-check-for-pull-requests-action

AI Security Check for Pull Requests

This GitHub Action uses OpenAI's GPT to analyze the code changed in a pull request, identify potential security and privacy vulnerabilities, and post the findings as a comment on the pull request.

Configuration

To configure this action in your repository, add the following repository secrets (Settings > Secrets and variables > Actions):

GH_TOKEN

Set this secret to a GitHub Personal Access Token with the repo and write:discussion scopes enabled. The action uses it to fetch pull request details and to post comments on the pull request. Note that a classic PAT with the repo scope grants read and write access to every repository its owner can reach, so create it from an account with the narrowest possible access, and rotate it if it is ever exposed in workflow logs.

OPENAI_TOKEN

Set this secret to your OpenAI API key, which the action needs to call OpenAI's GPT API. The pull request code submitted for analysis is sent to OpenAI under this key, so use a key dedicated to this workflow with a usage limit set in your OpenAI account.

Workflow File (e.g. .github/workflows/ai-security-check-for-pr.yml)

Create a new workflow file in your repository and paste the following content:

name: AI Security Check for Pull Requests

on:
  pull_request:
    branches:
      - main

jobs:
  ai_security_check_for_pull_requests:
    runs-on: ubuntu-latest

    steps:
      - name: Check out repository
        uses: actions/checkout@v2

      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          node-version: 16

      - name: Install dependencies
        run: npm ci

      - name: Finding security and privacy code vulnerabilities
        id: ai_security_check
        uses: obetomuniz/ai-security-check-for-pull-requests-action@<release-tag-or-commit-sha>  # pin to a full commit SHA rather than a mutable tag
        env:
          GH_TOKEN: ${{ secrets.GH_TOKEN }}
          GH_REPOSITORY: ${{ github.repository }}
          GH_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.number }}
          OPENAI_TOKEN: ${{ secrets.OPENAI_TOKEN }}

      - name: Comment on pull request
        uses: actions/github-script@v6
        env:
          PR_COMMENT: ${{ steps.ai_security_check.outputs.pr_comment }}
        with:
          github-token: ${{ secrets.GH_TOKEN }}
          script: |
            const prComment = process.env.PR_COMMENT || "No security or privacy issues found.";
            const { data } = await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: prComment
            });

Replace main with your default branch if necessary.

Usage

Once the action is configured, it runs automatically on every pull request that targets the specified branch(es) and analyzes the changed code. If it finds any security or privacy issues, it adds a comment to the pull request with the findings; otherwise it comments that no issues were found. Two caveats apply: GitHub does not expose repository secrets to pull_request workflows triggered from forks, so the action cannot run on fork pull requests with this configuration; and the comment is model output, so treat it as an advisory signal to be confirmed by a human reviewer, not as a pass/fail security gate.
