I created a security agent workflow that auto-reviews your PRs on Azure, GitHub and GitLab

I'm sharing a workflow I built over the past few weeks that has made our pull request security reviews more consistent and more actionable.

ThinkReview is a browser extension that works across Git platforms (GitLab, GitHub, Azure DevOps and Bitbucket) and runs a custom review checklist based on what your team cares about, such as OWASP guidance and your internal secure coding standards.

Below is a quick look at the end result, then I'll walk through how I set it up.

Example: a pentesting-focused review agent

In this example, I created a review agent focused on pentesting.

  1. Define the agent's goal and scope (what kinds of issues it should look for).
  2. Provide a reference the agent should follow, such as the Strike Graph pen-testing best practices: https://www.strikegraph.com/blog/pen-testing-best-practices
  3. Run the review on a PR and get findings mapped back to the reference.

  • You can create up to 10 review agents.


In the PR shown here, ThinkReview flagged a couple of OWASP-related issues using the reference we provided.
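To make the mechanism concrete, here is an added example (hypothetical code, not ThinkReview's own implementation or configuration format): a small Python script that takes a constructed reference checklist and a constructed PR diff and emits findings that point back to a checklist item and to the line number in the new version of the file, the way the findings above map back to the reference. The checklist ids, the regex checks and the sample diff are all assumptions made for this illustration.

```python
"""Toy checklist-driven PR review: map added diff lines to reference items.

Added example (hypothetical; not ThinkReview's code or config format). It shows
the mechanism the post describes in miniature: a reference checklist, a PR diff,
and findings that point back to a checklist item. The checks are plain regexes
standing in for the agent's reasoning, not a substitute for a real review.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Check:
    ref_id: str            # identifier of the item in the team's reference checklist
    title: str
    pattern: re.Pattern    # applied to each added line of the diff
    guidance: str          # remediation pointer shown with the finding


# Constructed checklist with OWASP-Top-10-style ids (illustrative only).
CHECKLIST = [
    Check("A03", "SQL built by string concatenation",
          re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b.*?[\"']\s*\+"
                     r"|f[\"'].*?\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I),
          "Use parameterised queries instead of building SQL from user input."),
    Check("A07", "Hard-coded credential or API key",
          re.compile(r"\b(password|passwd|secret|api_key|token)\s*=\s*[\"'][^\"']{4,}[\"']", re.I),
          "Load secrets from a vault or the environment at runtime; rotate the exposed value."),
    Check("A05", "Debug mode enabled",
          re.compile(r"\bdebug\s*=\s*True\b", re.I),
          "Debug must be off in production configuration."),
]

HUNK_HEADER = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def added_lines(diff_text):
    """Yield (file, new_line_no, text) for every line the PR adds.

    Tracks the '+' side line counter from each hunk header so a finding carries
    the line number a reviewer sees in the new version of the file.
    """
    current_file, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            current_file = raw[4:].removeprefix("b/")
        elif raw.startswith("--- ") or raw.startswith("diff --git"):
            continue                     # file headers carry no line content
        elif (m := HUNK_HEADER.match(raw)):
            new_line = int(m.group(1))   # restart counter at the hunk's '+' start
        elif raw.startswith("+"):
            yield current_file, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            continue                     # removed line: only the old side advances
        else:
            new_line += 1                # context line: present on both sides


def review(diff_text, checklist=CHECKLIST):
    """Return findings, each mapped back to the checklist item it violates."""
    findings = []
    for path, line_no, text in added_lines(diff_text):
        for check in checklist:
            if check.pattern.search(text):
                findings.append({
                    "file": path, "line": line_no, "ref_id": check.ref_id,
                    "title": check.title, "guidance": check.guidance,
                    "evidence": text.strip(),
                })
    return findings


def summarize(findings):
    """Count findings per checklist item, e.g. {'A07': 1, 'A03': 1}."""
    counts = {}
    for f in findings:
        counts[f["ref_id"]] = counts.get(f["ref_id"], 0) + 1
    return counts


# Constructed sample PR diff (not from a real repository).
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@
 import sqlite3
+API_KEY = "sk-constructed-example-value"
+
 def find_user(conn, name):
-    return conn.execute("SELECT * FROM users WHERE name = ?", (name,))
+    return conn.execute("SELECT * FROM users WHERE name = '" + name + "'")
"""

if __name__ == "__main__":
    for f in review(SAMPLE_DIFF):
        print(f"{f['file']}:{f['line']} [{f['ref_id']}] {f['title']} -> {f['guidance']}")
```

The part worth copying is the shape of the output rather than the regexes: every finding names the file, the new-file line number and the checklist id it came from, so a reviewer can jump to the line and a team lead can count findings per reference item across PRs.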


The project is open source on GitHub: https://github.com/Thinkode/thinkreview-browser-extension

You can install it from:

Chrome Web Store: https://chromewebstore.google.com/detail/thinkreview-ai-code-revie/bpgkhgbchmlmpjjpmlaiejhnnbkdjdjn

Firefox: https://addons.mozilla.org/en-US/firefox/addon/thinkreview-code-review


Looking forward to your feedback; if you have any questions, I'd love to hear them.