PR Scan & Remediation

PR Scan is a pull request–level security feature that automatically scans code changes for security issues before they are merged. It integrates directly with your GitHub pull request workflow to detect new vulnerabilities introduced by a PR and helps developers fix them by generating remediation pull requests with suggested changes.

This ensures security issues are identified and addressed early, without adding manual steps to the development workflow.

1. Prerequisites

  • Ensure your main branch is registered with AI Guardian.

  • Ensure AI Guardian has access to the GitHub repository.

2. Enable PR Workflow

  1. Go to the Projects page in AI Guardian.

  2. Locate your project and click Edit.

  3. Toggle Enable PR Workflow.

  4. When enabled, a confirmation popup appears with the following information:

    • Enabling the PR workflow will create a pull request in your repository containing the workflow configuration file.

    • You must merge this pull request to complete the setup and activate the PR workflow.

    • Once enabled, this action cannot be undone through the UI.

  5. Click Enable and Create PR.

  6. Review and merge the auto-generated pull request in GitHub.

After the PR is merged, the PR workflow becomes active.

3. Triggering the PR Scan

  1. Create a feature branch (for example, dev) and push your changes.

  2. Raise a pull request to merge dev into main (dev → main).

  3. The PR scan automatically triggers when the PR is:

    • Opened

    • Updated with new commits

    • Reopened

During execution:

  • AI Guardian receives PR metadata (PR number, source branch, target branch, PR URL).

  • A PR comment confirms that the scan has started.
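The trigger events in step 3 and the metadata listed above map directly onto the GitHub Actions pull_request event and its payload. The workflow below is an added illustrative example, not the configuration file AI Guardian generates for you; the workflow name and the scanner step are placeholders, and the permissions block shows the least-privilege grant needed to read code and post a PR comment.

```yaml
# Illustrative GitHub Actions workflow (added example, not AI Guardian's generated file).
# Shows the three PR events that trigger a scan, the PR metadata the scan receives,
# and a least-privilege permissions block. The scanner step itself is a placeholder.
name: pr-security-scan

on:
  pull_request:
    types: [opened, synchronize, reopened]   # "synchronize" = updated with new commits
    branches: [main]                         # only PRs targeting the registered main branch

# Least privilege: read repository contents, write PR comments, nothing else.
permissions:
  contents: read
  pull-requests: write

# A new push to the same PR supersedes the in-flight scan.
concurrency:
  group: pr-scan-${{ github.event.pull_request.number }}
  cancel-in-progress: true

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Check out the PR head commit so the scan sees exactly what was pushed.
          ref: ${{ github.event.pull_request.head.sha }}

      - name: Collect PR metadata for the scanner
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          SOURCE_BRANCH: ${{ github.event.pull_request.head.ref }}
          TARGET_BRANCH: ${{ github.event.pull_request.base.ref }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          echo "PR #${PR_NUMBER}: ${SOURCE_BRANCH} -> ${TARGET_BRANCH} (${PR_URL})"

      # Placeholder: the vendor-generated workflow file supplies the real scanner step.
      - name: Run PR scan (placeholder)
        run: echo "scanner step goes here"
```

Two caveats worth knowing when reading the generated file: on the pull_request event, the GITHUB_TOKEN for a PR opened from a fork is read-only, so posting the status comment on fork PRs needs a separate mechanism (for example a GitHub App installation, which is consistent with the page's note that no secret management is required); and a workflow should not switch to pull_request_target while still checking out the PR head, because that combination runs untrusted code with write permissions.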

4. Viewing Scan Results

  • Scan results are posted directly as a comment on the PR.

  • Results include:

    • SAST findings (code vulnerabilities)

    • SCA findings (dependency vulnerabilities)

  • Only new vulnerabilities introduced by the PR are reported.
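Reporting only the vulnerabilities a PR introduces means comparing the head scan against a scan of the target branch and matching findings on something more stable than a line number, otherwise every shifted line would show up as "new". The script below is an added example of that net-new filter, not AI Guardian's own logic; the SARIF-like finding shape, the rule identifiers, the advisory names and both scan result lists are constructed for the demonstration.

```python
"""Net-new finding filter: report only vulnerabilities a PR introduces.

Added example, not AI Guardian's code. Assumes two finding lists (constructed
below): one from scanning the target branch (base) and one from scanning the
PR head. Findings are matched on a location-independent fingerprint so a
pre-existing finding that merely moved lines is not reported as new.
"""
from __future__ import annotations

import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str      # "SAST" or "SCA"
    rule_id: str   # rule or advisory identifier (constructed values below)
    path: str      # source file, or the dependency manifest for SCA
    snippet: str   # offending source line, or "package@version" for SCA
    line: int      # line number; deliberately NOT part of the fingerprint

    def fingerprint(self) -> str:
        # Whitespace-normalised so re-indenting does not create a "new" finding.
        key = "\x1f".join([self.tool, self.rule_id, self.path, " ".join(self.snippet.split())])
        return hashlib.sha256(key.encode("utf-8")).hexdigest()


def net_new(base: list[Finding], head: list[Finding]) -> list[Finding]:
    """Findings present in the PR head scan but absent from the target-branch scan."""
    known = {f.fingerprint() for f in base}
    return [f for f in head if f.fingerprint() not in known]


def format_comment(new: list[Finding]) -> str:
    """Render the PR comment body: grouped by tool, explicit clean message when empty."""
    if not new:
        return "PR scan: no new vulnerabilities introduced by this PR."
    by_tool: dict[str, list[Finding]] = defaultdict(list)
    for f in new:
        by_tool[f.tool].append(f)
    lines = [f"PR scan: {len(new)} new finding(s) introduced by this PR."]
    for tool in sorted(by_tool):
        lines.append(f"{tool} findings:")
        for f in sorted(by_tool[tool], key=lambda x: (x.path, x.line)):
            lines.append(f"  - {f.rule_id} at {f.path}:{f.line}: {f.snippet}")
    return "\n".join(lines)


# Constructed sample scans (not real scanner output).
BASE_SCAN = [
    Finding("SAST", "sql-injection", "app/db.py", 'cur.execute("SELECT * FROM t WHERE id=" + uid)', 10),
    Finding("SCA", "EXAMPLE-ADVISORY-1", "package.json", "examplelib@1.2.3", 12),
]

HEAD_SCAN = [
    # Same SQL injection, moved four lines down by an added import: pre-existing, not new.
    Finding("SAST", "sql-injection", "app/db.py", 'cur.execute("SELECT * FROM t WHERE id=" + uid)', 14),
    # Newly introduced by the PR.
    Finding("SAST", "command-injection", "app/run.py", "subprocess.run(cmd, shell=True)", 7),
    # Pre-existing vulnerable dependency, unchanged.
    Finding("SCA", "EXAMPLE-ADVISORY-1", "package.json", "examplelib@1.2.3", 12),
    # Newly added vulnerable dependency.
    Finding("SCA", "EXAMPLE-ADVISORY-2", "package.json", "otherlib@0.9.0", 13),
]

if __name__ == "__main__":
    print(format_comment(net_new(BASE_SCAN, HEAD_SCAN)))
```

Running it reports two findings (the command injection and the newly added dependency) and suppresses the moved SQL injection and the unchanged dependency. The fingerprint deliberately excludes the line number; if a scanner only keys on file and line, a refactor that shifts code produces noisy "new" findings and, worse, a vulnerability that moves can be mistaken for one that was fixed.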

5. Remediation Workflow

  1. Click the Remediation URL provided in the PR comment.

  2. Select the vulnerabilities identified in the scan.

  3. AI Guardian creates a remediation pull request with suggested fixes.

  4. An interactive remediation chat:

    • Explains the fixes

    • Allows review and clarification before applying changes

  5. The PR scan runs again on the remediation PR.

  6. If the scan is clean:

    • Merge the remediation PR into the feature branch

    • Then merge the feature branch into main

6. Importance of PR Scan

  • Automated Security Checks: Every pull request undergoes automatic security verification.

  • Minimal Setup: Simplified setup directly through the user interface without workflow or secret management.

  • Efficient Onboarding: Quick initiation with standardized configurations.

  • Developer-Friendly Remediation: Automatically generate fix pull requests to help developers address issues.

  • Continuous Security Assurance: Ensure secure code is consistently deployed to production.
