
Code Review

This guide explains how CloudAEye performs code reviews.

For doing code review in VS Code, refer to the Code Review guide for VS Code.

Overview

CloudAEye performs code reviews, identifying potential bugs and security issues along with their fixes, when you comment @cloudaeye /review in the PR timeline.

Prerequisites

Step 1: Register

Sign up with CloudAEye SaaS.

Step 2: Install GitHub App

Integrate with GitHub by installing the GitHub app.

Step 3: Connect GitHub Repositories

Connect the repositories where you would like to use CloudAEye to review code.

Initiate Code Review

To initiate a code review for your connected repository, comment @cloudaeye /review.

Risk Score Guidelines

  • 5.0: Critical - Immediate system-level security risk
  • 4.0: High - Significant security risk requiring urgent attention
  • 3.0: Medium - Notable security concern requiring attention
  • 2.0: Low - Minor security issue that should be addressed
  • 1.0: Info - Potential security improvement
  • 0.0: None - No security impact

Bug Report

CloudAEye provides details about potential bugs that have been found in a PR code change. The report includes the following details:

  • Bug Priority
  • Bug Details
  • Where this bug was found
  • Possible Fix

[Screenshot: Code Review - Bug Report]

Security Report

CloudAEye provides details about potential security issues that have been found in a PR code change. The report includes the following details:

  • Security Issue Type
  • Security Issue Details
  • Where this Security Issue was found
  • Possible Fix

[Screenshot: Code Review - Security Report]

Categories used for Security vulnerability

- Broken Authentication
- Sensitive Data Exposure
- Broken Access Control
- Injection
- Cross-Site Scripting (XSS)
- Security Misconfiguration
- XML External Entities (XXE)
- Insecure Deserialization
- Insufficient Logging & Monitoring

LLM Security Report

CloudAEye provides details about potential security issues and vulnerabilities introduced by the use of large language models (LLMs) in applications. The report includes the following details:

  • Security Issue Priority
  • Security Issue Details
  • Where this Security Issue was found
  • Possible Fix

[Screenshot: Code Review - LLM Security Report]

Categories used for LLM security alerts

- Output Handling and Agency Control
- Agency and Autonomy Issues
- Sensitive Information Protection
- Injection Attack
- Over-Reliance Assessment
- Cost and Resource Management

AI Code Report

CloudAEye scans your PR code changes and provides details about potential code issues found. The report includes the following details:

  • Issue Priority
  • Issue Details
  • Possible Fix

[Screenshot: Code Review - AI Code Report]