Code Review
This guide explains how CloudAEye performs code reviews on GitHub pull requests.
For code reviews in VS Code, refer to the separate Code Review guide for VS Code.
Overview
CloudAEye performs a code review, identifying potential bugs and security issues along with their suggested fixes, when you comment @cloudaeye /review in the PR timeline.
Prerequisites
Step 1: Register
Sign up with CloudAEye SaaS.
Step 2: Install GitHub App
Integrate with GitHub by installing the CloudAEye GitHub app.
Step 3: Connect GitHub Repositories
Connect the repositories where you would like CloudAEye to review code.
Initiate Code Review
To initiate a code review for a connected repository, comment @cloudaeye /review on the pull request.
Risk Score Guidelines
- 5.0: Critical - Immediate system-level security risk
- 4.0: High - Significant security risk requiring urgent attention
- 3.0: Medium - Notable security concern requiring attention
- 2.0: Low - Minor security issue that should be addressed
- 1.0: Info - Potential security improvement
- 0.0: None - No security impact
Bug Report
CloudAEye provides details about potential bugs that have been found in the PR code change. It includes the following details:
- Bug Priority
- Bug Details
- Where this bug was found
- Possible Fix
Security Report
CloudAEye provides details about potential security issues that have been found in the PR code change. It includes the following details:
- Security Issue Type
- Security Issue Details
- Where this Security Issue was found
- Possible Fix
Categories used for security vulnerabilities
- Broken Authentication
- Sensitive Data Exposure
- Broken Access Control
- Injection
- Cross-Site Scripting (XSS)
- Security Misconfiguration
- XML External Entities (XXE)
- Insecure Deserialization
- Insufficient Logging & Monitoring
LLM Security Report
CloudAEye provides details about potential security issues and vulnerabilities introduced by the use of large language models (LLMs) in the application. The report includes:
- Security Issue Priority
- Security Issue Details
- Where this Security Issue was found
- Possible Fix
Categories used for LLM security alerts
- Output Handling and Agency Control
- Agency and Autonomy Issues
- Sensitive Information Protection
- Injection Attack
- Over-Reliance Assessment
- Cost and Resource Management
AI Code Report
CloudAEye scans the PR code changes and provides details about potential code issues found. The report includes:
- Issue Priority
- Issue Details
- Possible Fix