
Code Review in VS Code

Overview

CloudAEye performs code reviews, identifying potential bugs and security issues along with suggested fixes. This guide explains how to run a CloudAEye code review from VS Code.

Code Review in GitHub

To perform a code review in GitHub, refer to the GitHub: Code Review page.

Prerequisites

Step 1: Set up Code Review

Configure Code Review.

Step 2: Set up the VS Code Extension

Set up the VS Code extension.

Initiate Code Review

To initiate a code review for your connected repository, click the CloudAEye: Code Review button in the SCM section.

Demo GIF

Risk Score Guidelines

| Score | Type     | Description                                             |
|-------|----------|---------------------------------------------------------|
| 5.0   | Critical | Immediate system-level security risk                    |
| 4.0   | High     | Significant security risk requiring urgent attention    |
| 3.0   | Medium   | Notable security concern requiring attention            |
| 2.0   | Low      | Minor security issue that should be addressed           |
| 1.0   | Info     | Potential security improvement                          |
| 0.0   | None     | No security impact                                      |

Bug Report

CloudAEye provides details about potential bugs that have been found in a PR code change. The report includes the following details:

  • Bug Priority
  • Bug Details
  • Where this bug was found
  • Possible Fix

Code Review - Bug Report

Security Report

CloudAEye provides details about potential security issues that have been found in a PR code change. The report includes the following details:

  • Security Issue Type
  • Security Issue Details
  • Where this Security Issue was found
  • Possible Fix

Code Review - Security Report

Categories used for security vulnerabilities

- Broken Authentication
- Sensitive Data Exposure
- Broken Access Control
- Injection
- Cross-Site Scripting (XSS)
- Security Misconfiguration
- XML External Entities (XXE)
- Insecure Deserialization
- Insufficient Logging & Monitoring

LLM Security Report

CloudAEye provides details about potential security issues and vulnerabilities introduced by the use of large language models (LLMs) in applications. The report includes the following details:

  • Security Issue Priority
  • Security Issue Details
  • Where this Security Issue was found
  • Possible Fix

Code Review - Security Report

Categories used for LLM security alerts

- Output Handling and Agency Control
- Agency and Autonomy Issues
- Sensitive Information Protection
- Injection Attack
- Over-Reliance Assessment
- Cost and Resource Management

AI Security Report

CloudAEye provides details about potential Agentic Security Initiative (ASI) issues and vulnerabilities introduced by the use of autonomous AI agents in applications. The report includes the following details:

  • Security Issue Type
  • Security Issue Details
  • Where this Security Issue was found
  • Possible Fix
  • Issue Severity

Code Review - Security Report