
Security Scanning

Automated security scanning with Bearer, Semgrep, and Trivy.

GitSniff integrates multiple security scanning tools that run alongside AI analysis to catch vulnerabilities and security issues.

Available scanners

Bearer

Bearer scans for sensitive data exposure in your code:

  • API keys and secrets
  • Database credentials
  • Personal data handling issues
  • Authentication token exposure

Semgrep

Semgrep performs pattern-based code analysis:

  • Common vulnerability patterns (OWASP Top 10)
  • Language-specific anti-patterns
  • Framework-specific security issues
  • Custom rule support

Trivy

Trivy scans your project dependencies and containers:

  • Known dependency vulnerabilities (CVEs)
  • Outdated packages with security patches
  • Container image vulnerabilities
  • License compliance issues

Lint

Basic code quality and style checks that can catch common programming errors.

How scanning works

Security scans are triggered automatically during the analysis pipeline:

  1. The pre-analysis step determines which scanners are relevant based on the files changed in the PR (for example, dependency scanning only when lockfiles, manifests, or container definitions change)
  2. The selected scanners run in parallel for speed
  3. Results are fed into the AI analysis step for context-aware interpretation
  4. Findings appear in the review alongside AI-generated feedback

This approach means the AI model can interpret scanner findings in context, reducing false positives and providing more actionable recommendations.
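The four steps above, as an added illustration that is not GitSniff's own code: a hypothetical orchestrator that picks scanners from the PR's changed-file list, runs them in parallel, and normalizes Semgrep and Trivy JSON output onto the four severities used on this page. The file-to-scanner mapping, the `lint` always-on assumption, and the Semgrep-to-severity mapping (ERROR/WARNING/INFO to high/medium/low) are assumptions of this example; the runner callables return constructed sample reports in the shape of `semgrep --json` and `trivy fs --format json` rather than invoking the tools, so it runs offline.

```python
"""Hypothetical scanner orchestration (added example, not GitSniff's code).

Step 1 picks scanners from the PR's changed files, step 2 runs them in
parallel, steps 3/4 merge their output into one severity-sorted finding list
that a reviewer (or an AI triage step) can consume.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumption: which files make a scanner relevant.
CODE_EXT = {".py", ".js", ".ts", ".go", ".rb", ".java", ".rs"}
DEP_FILES = {"package-lock.json", "yarn.lock", "go.sum", "Gemfile.lock",
             "requirements.txt", "poetry.lock", "Cargo.lock", "pom.xml"}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    scanner: str
    rule: str
    path: str
    line: int
    severity: str   # one of critical / high / medium / low
    message: str


def select_scanners(changed_files):
    """Step 1: choose scanners based on what the PR touches."""
    scanners = {"lint"}  # assumption: lint always runs
    for f in changed_files:
        p = PurePosixPath(f)
        if p.suffix in CODE_EXT:
            scanners.update({"semgrep", "bearer"})
        if p.name in DEP_FILES or p.name == "Dockerfile" or p.suffix == ".dockerfile":
            scanners.add("trivy")
    return scanners


def normalize_semgrep(report):
    """Map Semgrep JSON results (ERROR/WARNING/INFO) onto the page's scale."""
    sev_map = {"ERROR": "high", "WARNING": "medium", "INFO": "low"}
    return [
        Finding("semgrep", r["check_id"], r["path"], r["start"]["line"],
                sev_map.get(r["extra"].get("severity", "INFO"), "low"),
                r["extra"]["message"])
        for r in report.get("results", [])
    ]


def normalize_trivy(report):
    """Map Trivy JSON results; an UNKNOWN severity is treated as low, not dropped."""
    out = []
    for target in report.get("Results", []):
        for v in target.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN").lower()
            fix = v.get("FixedVersion") or "no fix available"
            out.append(Finding("trivy", v["VulnerabilityID"], target["Target"], 0,
                               sev if sev in SEVERITY_RANK else "low",
                               f"{v['PkgName']} {v['InstalledVersion']} -> fix: {fix}"))
    return out


def run_pipeline(changed_files, runners):
    """Steps 2-4: run the selected scanners in parallel, merge, sort by severity."""
    selected = select_scanners(changed_files)
    normalizers = {"semgrep": normalize_semgrep, "trivy": normalize_trivy}
    findings = []
    with ThreadPoolExecutor() as pool:
        futures = {n: pool.submit(runners[n]) for n in selected if n in runners}
        for name, fut in futures.items():
            findings.extend(normalizers[name](fut.result()))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


def blocks_merge(findings):
    """Critical findings should be fixed before merging (see severity table)."""
    return any(f.severity == "critical" for f in findings)


# Constructed sample reports standing in for the real tool invocations.
SAMPLE_SEMGREP = {"results": [{
    "check_id": "python.lang.security.audit.exec-detected",  # constructed rule id
    "path": "app/handlers.py", "start": {"line": 42},
    "extra": {"severity": "ERROR", "message": "Detected use of exec()."},
}]}
SAMPLE_TRIVY = {"Results": [{
    "Target": "pom.xml",
    "Vulnerabilities": [{"VulnerabilityID": "CVE-2021-44228",
                         "PkgName": "org.apache.logging.log4j:log4j-core",
                         "InstalledVersion": "2.14.1", "FixedVersion": "2.15.0",
                         "Severity": "CRITICAL"}],
}]}
SAMPLE_RUNNERS = {"semgrep": lambda: SAMPLE_SEMGREP, "trivy": lambda: SAMPLE_TRIVY}

if __name__ == "__main__":
    results = run_pipeline(["app/handlers.py", "pom.xml"], SAMPLE_RUNNERS)
    for f in results:
        print(f"[{f.severity}] {f.scanner}: {f.rule} {f.path}:{f.line} {f.message}")
    print("blocks merge:", blocks_merge(results))
```

Two design points worth keeping in any real implementation: scanners without a runner (here `bearer` and `lint`) are skipped rather than crashing the pipeline, and Trivy findings with an unknown severity are kept as low instead of silently disappearing, so the downstream AI step always sees the full picture.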

Scan results

Security findings are categorized by severity:

| Severity | Meaning |
|----------|---------|
| Critical | Immediate security risk; should be fixed before merging |
| High     | Significant security concern |
| Medium   | Potential security issue worth reviewing |
| Low      | Minor issue or best-practice suggestion |