# Automate Reviewdog Security Reviews

Security findings often reach developers too late in the review cycle. This skill helps configure reviewdog so scanner and linter results appear directly in pull requests.

## Install

```bash
npx skillstore add agentsecops/reviewdog
```

## Metadata

- Slug: agentsecops-reviewdog
- Version: 0.1.0
- Author: AgentSecOps
- GitHub username: AgentSecOps
- License: MIT
- Repository: https://github.com/AgentSecOps/SecOpsAgentKit/tree/main/skills/secsdlc/reviewdog
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: high
- Risk factors: scripts, network, filesystem, env_access, external_commands
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/agentsecops-reviewdog
- Manifest: https://skillstore.pages.dev/api/skills/agentsecops-reviewdog/manifest

## Capabilities

- Explains reviewdog workflows for turning scanner output into review comments.
- Provides GitHub Actions examples for Bandit, Semgrep, Gitleaks, Hadolint, Checkov, and ShellCheck.
- Provides GitLab CI examples for merge request security discussions.
- Includes pre-commit hook examples for local reviewdog feedback.
- Maps common scanner findings to CWE and security categories.
- Documents reporter formats and when each reviewdog reporter is useful.

## Use Cases

- Add Pull Request Security Comments: Configure CI so new SAST and secret findings appear as inline review comments.
- Standardize Team Linting Feedback: Use one reviewdog flow to publish output from several linters and scanners.
- Shift Findings Into Local Development: Add pre-commit reviewdog hooks so developers see scanner feedback before opening a pull request.

## Prompt Templates

### Choose A Basic Reviewdog Setup

```
Help me choose a simple reviewdog setup for a GitHub repository that uses Python and pull requests.
```

### Create A GitHub Actions Workflow

```
Draft a GitHub Actions reviewdog workflow for Semgrep, Bandit, Gitleaks, and ShellCheck with least privilege permissions.
```

### Tune Findings For Developer Signal

```
Review my reviewdog plan and suggest filter modes, severity thresholds, and scanner exclusions for fewer false positives.
```

### Design A Multi-Repo Rollout

```
Design a phased reviewdog rollout for GitHub and GitLab repositories, including token permissions, branch protections, scanner pinning, and failure policies.
```

## Limitations

- Does not run scanners or validate results by itself.
- Requires reviewdog and each selected scanner to be installed or available in CI.
- Templates need repository-specific permission and branch protection review.
- Scanner accuracy depends on selected rules, language support, and exclusions.

## Best Practices

- Pin scanner, action, and container versions before using templates in production.
- Use least-privilege tokens and avoid token-bearing jobs for untrusted pull request code.
- Start with added-line filtering, then expand coverage after false positives are understood.

## Anti Patterns

- Do not copy CI templates without reviewing token permissions and runner trust boundaries.
- Do not run every expensive scanner on every pull request without caching or scope controls.
- Do not treat reviewdog comments as proof that a repository is vulnerability-free.

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T06:01:09.604+00:00
- Summary: Static analysis found many command, network, filesystem, and token patterns. Most are expected for a reviewdog CI integration skill, but the GitLab template includes a confirmed curl-to-shell installer pattern that should be remediated before publication. No prompt injection or confirmed malicious exfiltration intent was found.

## Stats

- Views: 261
- Downloads: 8
- Favorites: 0
- Popularity score: 0
