DEV Community: SAURABH JHA The latest articles on DEV Community by SAURABH JHA (@saurabh_jha_5f41b9936ac61). https://dev.to/saurabh_jha_5f41b9936ac61 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3423904%2Fb8d9aefe-4f47-4b57-a071-b3424e7855c8.jpg DEV Community: SAURABH JHA https://dev.to/saurabh_jha_5f41b9936ac61 en SecurePR: Automatically Scan Every GitHub Pull Request for Vulnerabilities – Free & Open Source SAURABH JHA Sat, 09 Aug 2025 16:35:36 +0000 https://dev.to/saurabh_jha_5f41b9936ac61/securepr-automatically-scan-every-github-pull-request-for-vulnerabilities-free-open-source-1d7i https://dev.to/saurabh_jha_5f41b9936ac61/securepr-automatically-scan-every-github-pull-request-for-vulnerabilities-free-open-source-1d7i <p>Every day, developers merge pull requests (PRs) without realizing they might be introducing security vulnerabilities into production.<br> Sometimes it’s because security scanning tools are complex, paid, or simply not part of the workflow.</p> <p>That’s why I built SecurePR – an open-source GitHub Action that runs Trivy and Semgrep on every pull request and posts the results directly as a comment.<br> No servers, no hidden costs, no setup headaches.</p> <p>Why SecurePR?</p> <p>No Manual Scanning – Runs automatically for every PR.</p> <p>Free &amp; Open Source – No licensing, no trial limits.</p> <p>Lightweight – Works directly in GitHub Actions.</p> <p>Two Powerful Scanners – Trivy for dependency scanning + Semgrep for static code analysis.</p> <p>How It Works</p> <ol> <li><p>A contributor opens a PR on your repo.</p></li> <li><p>SecurePR runs Trivy to detect dependency vulnerabilities.</p></li> <li><p>SecurePR runs Semgrep to find code security issues.</p></li> <li><p>A single PR comment appears with all findings.</p></li> </ol> <p>Getting Started</p> <ol> <li><p>Go to your repo on GitHub.</p></li> <li><p>Add the securepr.yml workflow file from our GitHub repo.</p></li> <li><p>Commit &amp; push.</p></li> <li><p>Done – every new PR will be scanned automatically.</p></li> </ol> <p>Support SecurePR</p> <p>If you like this project, please star the repo ⭐ and consider sponsoring me on GitHub to support future development.</p> <p>Links</p> <p>🔗 GitHub Repo: <a href="https://github.com/saurabhxjha/SecurePR" rel="noopener noreferrer">https://github.com/saurabhxjha/SecurePR</a></p> <p>💖 Sponsor Me: <a href="https://github.com/sponsors/saurabhxjha" rel="noopener noreferrer">https://github.com/sponsors/saurabhxjha</a></p> <p>🌐 Product Page: <a href="https://starkseek.com/products/securepr" rel="noopener noreferrer">https://starkseek.com/products/securepr</a></p>