reviewdog
Add automated security code review to CI/CD pipelines
Security scanning results are scattered across CI logs and missed by reviewers. Reviewdog aggregates findings from multiple security tools into inline pull request comments, making vulnerabilities visible where developers work.
Download the skill ZIP
Upload it to Claude
Go to Settings → Capabilities → Skills → Upload skill
Enable it and start using it
Try it
Using "reviewdog". Add reviewdog security scanning with Semgrep and Bandit to my CI pipeline
Expected result:
- Created GitHub Actions workflow with multi-tool security scanning
- Configured Semgrep to run with ERROR severity and fail on critical findings
- Added Bandit Python security scanner as secondary check
- Set up filter-mode=added to show only new issues in PR diff
- Configured reviewdog to post comments as github-pr-review
- Files generated: .github/workflows/security-review.yml, .reviewdog.yml
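The workflow the scenario above describes, written out as an added example (it is not output of the skill or code from the reviewdog project). It assumes Semgrep and Bandit are installed with pip, uses Semgrep's SARIF output because reviewdog parses SARIF natively, and gives Bandit a custom line format because reviewdog has no Bandit preset; the Bandit `--msg-template` fields used here are the standard ones from Bandit's custom formatter, and the Semgrep ruleset `p/security-audit` is a placeholder for whatever registry config the repository uses.

```yaml
# .github/workflows/security-review.yml (added example, not generated by the skill)
name: security-review

on:
  pull_request:             # never pull_request_target here: that would run PR code with a write token
    branches: [main]

permissions:
  contents: read
  pull-requests: write      # the github-pr-review reporter posts review comments; nothing else is needed

jobs:
  semgrep-bandit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: reviewdog/action-setup@v1
        with:
          reviewdog_version: latest   # pin a release tag in production

      - name: Install scanners
        run: pip install semgrep bandit

      - name: Semgrep (ERROR severity) -> inline PR review comments
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}   # job token, not a PAT
        run: |
          # Semgrep exits 0 when it finds issues unless --error is given, so the
          # pass/fail decision is made by reviewdog after diff filtering, not by the scanner.
          semgrep scan --config p/security-audit --severity ERROR --sarif --output semgrep.sarif .
          reviewdog -f=sarif -name=semgrep \
            -reporter=github-pr-review \
            -filter-mode=added \
            -level=error \
            -fail-on-error < semgrep.sarif

      - name: Bandit -> inline PR review comments
        if: always()          # still report Bandit findings when the Semgrep step failed the job
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Bandit exits 1 when it finds issues; `|| true` keeps the step alive so that
          # reviewdog (which only sees findings on added lines) decides the outcome.
          # -ll reports MEDIUM severity and above.
          bandit -r . -ll -f custom \
            --msg-template '{relpath}:{line}: {test_id} [{severity}/{confidence}] {msg}' \
            -o bandit.txt || true
          reviewdog -efm='%f:%l: %m' -name=bandit \
            -reporter=github-pr-review \
            -filter-mode=added \
            -level=warning \
            -fail-on-error < bandit.txt
```

Two caveats worth checking before adopting this: the `GITHUB_TOKEN` issued to pull requests from forks is read-only, so `github-pr-review` cannot post on those runs and needs a fallback such as the `local` reporter; and a failing job only blocks the merge if the `security-review` check is marked as required in branch protection.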
Using "reviewdog". Set up pre-commit hooks for security scanning with gitleaks and hadolint
Expected result:
- Created pre-commit configuration with reviewdog integration
- Added gitleaks secret detection hook running with local reporter
- Added hadolint Dockerfile scanning hook
- Configured error-level findings to fail the commit check
- Installed pre-commit hooks to local repository
Using "reviewdog". Configure reviewdog for GitLab CI with Checkov and ShellCheck
Expected result:
- Generated GitLab CI configuration with reviewdog integration
- Added Checkov Terraform security scanning stage
- Added ShellCheck for shell script validation
- Configured the gitlab-mr-discussion reporter to post merge request discussions
- Set up filter-mode=diff_context to show only findings on changed lines and their surrounding diff context
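The GitLab CI counterpart, added here as an example rather than skill output. It assumes a Debian-based Python image, installs reviewdog with the project's published install script, and feeds reviewdog from files rather than pipes so that a scanner's non-zero exit does not hide its findings. The SARIF file name `results_sarif.sarif` is what current Checkov releases write with `--output-file-path .`; verify it against your Checkov version.

```yaml
# .gitlab-ci.yml (added example, not generated by the skill)
stages:
  - security-review

variables:
  GIT_DEPTH: "0"            # full history so reviewdog can diff the MR against its target branch

.reviewdog-mr:
  stage: security-review
  image: python:3.12-slim
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"   # MR discussions need an MR pipeline
  before_script:
    - apt-get update && apt-get install -y --no-install-recommends curl git shellcheck
    # Pin a release tag as the script's final argument rather than tracking master.
    - curl -sfL https://raw.githubusercontent.com/reviewdog/reviewdog/master/install.sh | sh -s -- -b /usr/local/bin
  # REVIEWDOG_GITLAB_API_TOKEN must be a masked CI variable holding a project access token
  # with the `api` scope; the built-in CI_JOB_TOKEN is not accepted for MR discussions.

checkov:
  extends: .reviewdog-mr
  script:
    - pip install checkov
    # Checkov exits 1 on failed checks; keep the job alive so reviewdog makes the decision.
    - checkov -d . --framework terraform -o sarif --output-file-path . || true
    - reviewdog -f=sarif -name=checkov
        -reporter=gitlab-mr-discussion
        -filter-mode=diff_context
        -level=error
        -fail-on-error < results_sarif.sarif

shellcheck:
  extends: .reviewdog-mr
  script:
    # gcc-style output is "file:line:col: level: message [SCxxxx]"; xargs -r skips the run
    # when the repo has no tracked *.sh files, leaving an empty report instead of an error.
    - git ls-files -z '*.sh' | xargs -0 -r shellcheck -f gcc -S warning > shellcheck.txt || true
    - reviewdog -efm='%f:%l:%c: %m' -name=shellcheck
        -reporter=gitlab-mr-discussion
        -filter-mode=diff_context
        -level=warning
        -fail-on-error < shellcheck.txt
```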
Security Audit
Safe. Documentation-only skill containing CI/CD templates and reference materials for reviewdog security integration. All static findings are false positives from legitimate DevSecOps documentation. The skill describes running security scanners (Semgrep, Bandit, Gitleaks) and posting results to PRs; this is standard, documented CI/CD behavior, with tokens supplied through GitHub/GitLab CI secrets.
Risk factors
⚙️ External commands (3)
🔑 Environment variables (3)
What You Can Build
Enforce security standards in PRs
Configure reviewdog to fail the check when critical vulnerabilities are detected, and make that check required in branch protection so the security gate cannot be bypassed.
Automate security feedback loops
Add security scanning to CI pipelines that posts findings directly to pull requests, reducing time to remediation.
Catch issues before merge
Get inline security annotations on vulnerable code patterns during code review, with links to CWE references.
Try These Prompts
Set up reviewdog in my GitHub Actions workflow to run Semgrep with error-level findings posted as PR review comments
Create a reviewdog configuration that runs Bandit for Python, Gitleaks for secrets, and Checkov for IaC security in parallel
Configure reviewdog to only show new security issues introduced in the PR and fail the build for critical findings
Add a custom grep-based security check to my reviewdog configuration that detects dangerous function usage like eval() and exec()
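The last prompt above asks for a custom grep-based check; the `.reviewdog.yml` below is an added example of how such a check is expressed as a reviewdog runner (it is not skill output or project code). The runner name `dangerous-calls` and the Python-only scope are choices made for this example. `git grep` is used instead of `grep -r` because it searches only tracked files and prints paths relative to the repository root, which is the form reviewdog must match against the PR diff.

```yaml
# .reviewdog.yml (added example; runner name `dangerous-calls` is illustrative)
runner:
  dangerous-calls:
    # Match a bare eval( or exec( call, not a method such as self.exec(. grep-style exit 1
    # means "no matches" and is not an error; exit 2 (real failure) still fails the runner.
    cmd: "git grep -nE '(^|[^[:alnum:]_.])(eval|exec)[[:space:]]*\\(' -- '*.py' || [ $? -eq 1 ]"
    # git grep -n prints "path:line:source text", which %f:%l:%m parses directly.
    errorformat:
      - "%f:%l:%m"
    level: error
    name: dangerous-calls
```

Run it from the repository root in the same job as the other scanners, for example `reviewdog -conf=.reviewdog.yml -runners=dangerous-calls -reporter=github-pr-review -filter-mode=added -fail-on-error`; with `-filter-mode=added`, pre-existing uses of `eval()` are not reported, only those a PR introduces.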
Best Practices
- Combine -level=error with -fail-on-error (recent reviewdog releases also offer -fail-level=error, which deprecates -fail-on-error) so that error-severity findings fail the job and block vulnerable code from merging
- Keep filter-mode at added (the default) or diff_context to avoid reporting issues that already existed before the change
- Pass API tokens from CI secrets (the GitHub Actions GITHUB_TOKEN as REVIEWDOG_GITHUB_API_TOKEN, a masked GitLab CI variable as REVIEWDOG_GITLAB_API_TOKEN) rather than hardcoding them
Avoid
- Running reviewdog with filter-mode=nofilter or file on large repositories, which creates overwhelming comment volume
- Using personal access tokens with broad permissions instead of the CI system's scoped service token
- Skipping baseline files for existing vulnerabilities, which creates noise when starting adoption