This GitHub Action uses OpenAI's GPT to analyze code in pull requests and identify potential security and privacy vulnerabilities and comment to the pull request with the findings.
To configure this action in your repository, you should set up the following secrets:
Setup this secret with a GitHub Personal Access Token with the repo and write:discussion scopes enabled. This token is used to fetch pull request details and add comments to the pull request.
Setup this secret with your OpenAI API Key, which is required to make API calls to OpenAI's GPT.
Create a new workflow file in your repository and paste the following content:
name: AI Security Check for Pull Requests
on:
pull_request:
branches:
- main
jobs:
ai_security_check_for_pull_requests:
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v2
- name: Set up Node.js
uses: actions/setup-node@v2
with:
node-version: 16
- name: Install dependencies
run: npm ci
- name: Finding security and privacy code vulnerabilities
id: ai_security_check
uses: obetomuniz/[email protected]
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
GH_REPOSITORY: ${{ github.repository }}
GH_EVENT_PULL_REQUEST_NUMBER: ${{ github.event.number }}
OPENAI_TOKEN: ${{ secrets.OPENAI_TOKEN }}
- name: Comment on pull request
uses: actions/github-script@v6
env:
PR_COMMENT: ${{ steps.ai_security_check.outputs.pr_comment }}
with:
github-token: ${{ secrets.GH_TOKEN }}
script: |
const prComment = process.env.PR_COMMENT || "No security or privacy issues found.";
const { data } = await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: prComment
});Replace main with your default branch if necessary.
Once the action is configured, it will automatically run and analyze the code in each pull request targeting the specified branch(es). If it finds any security or privacy issues, it will add a comment to the pull request with the findings. Otherwise, it will comment that no issues were found.