reviewdog
Add automated security code review to CI/CD pipelines
Security scanning results are scattered across CI logs and missed by reviewers. Reviewdog aggregates findings from multiple security tools into inline pull request comments, making vulnerabilities visible where developers work.
- Download the skill ZIP
- Upload it in Claude
- Go to Settings → Capabilities → Skills → Upload skill
- Enable it and start using it
Test it
Using "reviewdog": Add reviewdog security scanning with Semgrep and Bandit to my CI pipeline
Expected result:
- Created GitHub Actions workflow with multi-tool security scanning
- Configured Semgrep to run with ERROR severity and fail on critical findings
- Added Bandit Python security scanner as secondary check
- Set up filter-mode=added to show only new issues in PR diff
- Configured reviewdog to post comments as github-pr-review
- Files generated: .github/workflows/security-review.yml, .reviewdog.yml
Using "reviewdog": Set up pre-commit hooks for security scanning with gitleaks and hadolint
Expected result:
- Created pre-commit configuration with reviewdog integration
- Added gitleaks secret detection hook running with local reporter
- Added hadolint Dockerfile scanning hook
- Configured error-level findings to fail the commit check
- Installed pre-commit hooks to local repository
Using "reviewdog": Configure reviewdog for GitLab CI with Checkov and ShellCheck
Expected result:
- Generated GitLab CI configuration with reviewdog integration
- Added Checkov Terraform security scanning stage
- Added ShellCheck for shell script validation
- Configured mr-discussion reporter for merge request comments
- Set up filter-mode=diff_context to show only changed files
Security audit
Safe. Documentation-only skill containing CI/CD templates and reference materials for reviewdog security integration. All static findings are false positives from legitimate DevSecOps documentation. The skill describes running security scanners (Semgrep, Bandit, Gitleaks) and posting results to PRs; this is standard, documented CI/CD behavior using properly secured token management via GitHub/GitLab secrets.
Risk factors
⚙️ External commands (3)
🔑 Environment variables (3)
Quality score
What you can build
Enforce security standards in PRs
Configure reviewdog to block merges when critical vulnerabilities are detected, ensuring security gates are never bypassed.
Automate security feedback loops
Add security scanning to CI pipelines that posts findings directly to pull requests, reducing time to remediation.
Catch issues before merge
Get inline security annotations on vulnerable code patterns during code review, with links to CWE references.
Try these prompts
Set up reviewdog in my GitHub Actions workflow to run Semgrep with error-level findings posted as PR review comments
Create a reviewdog configuration that runs Bandit for Python, Gitleaks for secrets, and Checkov for IaC security in parallel
Configure reviewdog to only show new security issues introduced in the PR and fail the build for critical findings
Add a custom grep-based security check to my reviewdog configuration that detects dangerous function usage like eval() and exec()
Best practices
- Use fail-on-error=true for critical severity findings to block vulnerable code from merging
- Configure filter-mode=added or diff_context to reduce noise from existing issues
- Store API tokens in CI secrets (GITHUB_TOKEN, GITLAB_TOKEN) rather than hardcoding
Avoid
- Running reviewdog without a filter-mode on large repositories: every pre-existing finding becomes a comment and the PR is flooded
- Using personal access tokens with excessive permissions instead of scoped CI service tokens
- Skipping baseline files for existing vulnerabilities, which creates noise when starting adoption
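The best practices and pitfalls above (filter-mode, fail-on-error, tokens from CI secrets) come together in a single workflow. The following GitHub Actions workflow is an added example written for this page; it is not the skill's own template. It assumes `reviewdog/action-setup@v1` and `actions/checkout@v4` are available, that Semgrep and Bandit are installed from PyPI in the job, and that the default `GITHUB_TOKEN` has been granted `pull-requests: write`. The `-fail-on-error` flag is the one named on this page; recent reviewdog releases also accept `-fail-level=error`, which is the newer spelling of the same gate.

```yaml
# .github/workflows/security-review.yml  (added example, not the skill's file)
name: security-review

on:
  pull_request:

# Least privilege: reviewdog's github-pr-review reporter only needs to
# read the repo and write PR review comments. No PAT is involved; the
# job-scoped GITHUB_TOKEN is handed to reviewdog via a CI secret.
permissions:
  contents: read
  pull-requests: write

jobs:
  security-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Installs the reviewdog binary onto the runner.
      - uses: reviewdog/action-setup@v1

      - name: Install scanners
        run: pip install semgrep bandit

      - name: Semgrep (ERROR severity only)
        env:
          # Token comes from the CI secret store, never hardcoded.
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Semgrep exits 0 on findings unless --error is given, so the
          # merge gate is enforced by reviewdog, not by the scanner.
          semgrep scan --config p/ci --severity ERROR --sarif --output semgrep.sarif .
          # -filter-mode=added: comment only on lines this PR introduces,
          # so pre-existing debt does not flood the review.
          # -fail-on-error=true: non-zero exit when any reported finding
          # survives the filter, which blocks the merge.
          reviewdog -f=sarif -name=semgrep \
            -reporter=github-pr-review \
            -filter-mode=added \
            -fail-on-error=true < semgrep.sarif

      - name: Bandit (Python)
        env:
          REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # Bandit's custom formatter emits one "file:line:col: message"
          # per finding; --exit-zero leaves the pass/fail decision to
          # reviewdog so a finding cannot abort the step before it is posted.
          bandit -r . --exit-zero -f custom \
            --msg-template '{relpath}:{line}:{col}: [{severity}] {test_id}: {msg}' \
            > bandit.txt
          # -efm is a Vim-style errorformat matching the template above.
          reviewdog -efm='%f:%l:%c: %m' -name=bandit \
            -reporter=github-pr-review \
            -filter-mode=added \
            -fail-on-error=true < bandit.txt
```

For GitLab CI the same two reviewdog invocations apply with `-reporter=gitlab-mr-discussion` and the token supplied through `REVIEWDOG_GITLAB_API_TOKEN` from a masked CI variable; `-filter-mode=diff_context` widens the comment window to changed files with their surrounding context, which is the trade-off the page's GitLab prompt describes.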