DEV Community

Jay Elsheikh


Agentic code reviews without setup on Azure DevOps PRs

Hello peer developers,

I’m sharing a workflow I built over the past few weeks that has made our pull request security reviews more consistent and more actionable.

ThinkReview is a browser extension that works across Git platforms (GitLab, GitHub, Azure DevOps and Bitbucket) and runs a custom review checklist based on what your team cares about, such as OWASP guidance and your internal secure coding standards.

Below is a quick look at the end result, then I’ll walk through how I set it up.

Example: a pentesting-focused review agent

In this example, I created a review agent focused on pentesting.

  1. Define the agent’s goal and scope (what kinds of issues it should look for).
  2. Provide a reference the agent should follow, such as the Strike Graph pen testing best practices: https://www.strikegraph.com/blog/pen-testing-best-practices

  • You can create up to 10 review agents.

Run the review on a PR and get findings mapped back to the reference.

In the PR shown here, ThinkReview flagged a couple of OWASP-related issues using the reference we provided.

The project is open source on GitHub: https://github.com/Thinkode/thinkreview-browser-extension

You can install it from:

Chrome Web Store: https://chromewebstore.google.com/detail/thinkreview-ai-code-revie/bpgkhgbchmlmpjjpmlaiejhnnbkdjdjn

Firefox: https://addons.mozilla.org/en-US/firefox/addon/thinkreview-code-review

Looking forward to your feedback. If you have any questions, I would love to hear them.
