
Functionalities of AI Guardian

Key Capabilities

Hub Management

AI Guardian organizes repositories into Hubs — centralized workspaces that group related GitHub projects together. This is particularly useful for organizations managing multiple GitHub organizations or large numbers of repositories, enabling team-level or org-level visibility and governance from a single dashboard.

GitHub Integration

AI Guardian connects to GitHub via a GitHub App — a secure, permission-scoped integration that does not require personal access tokens to be shared or stored. Developers authorize the app, select the repositories to expose, and the integration is immediately active. Repository access can be expanded or restricted at any time.

SAST & SCA Scanning

Every connected project is automatically scanned for:

  • SAST: Source code vulnerabilities — insecure coding patterns, injection risks, insecure API usage, hardcoded credentials

  • SCA: Dependency vulnerabilities — known CVEs in open-source libraries, outdated packages, license compliance risks

Findings are categorized by severity — Critical, High, Medium, Low — and each finding includes detailed context and AI-generated remediation guidance.

Single File Scan

In addition to full repository scans, AI Guardian supports single file scanning — allowing developers to upload or select a specific source file for targeted SAST and SCA analysis. This is useful for quick validation before committing, reviewing changes in isolation, or scanning standalone files that fall outside normal project scope.

AI-Powered Remediation

AI Guardian goes beyond reporting — it fixes vulnerabilities automatically using an AI-driven remediation workflow:

  • Developer selects a finding and clicks Remediate

  • An interactive chat explains the vulnerability and proposes a fix

  • Developer reviews the code diff and refines the fix via chat if needed

  • On approval, AI Guardian creates a pull request in GitHub with the fix applied

  • Developer reviews and merges — the vulnerability is resolved

Chat History & Session Resumption

Remediation sessions are persisted as chat history — allowing developers to resume an in-progress remediation even after logging out or a session expiry. Chat history is available for 2 days from the start of a remediation session. Expired sessions are view-only and cannot be modified.

Auto Scan

AI Guardian can automatically scan connected repositories at configurable intervals — ranging from every 5 minutes to every few days — ensuring continuous security monitoring without requiring developers to manually trigger scans. Auto scan detects new vulnerabilities as code evolves, immediately surfacing new risks.

PR Scan & Remediation

AI Guardian integrates directly with the GitHub pull request workflow — automatically scanning every PR for security issues before it is merged into the main branch.

Key characteristics of PR Scan:

  • Triggers automatically when a PR is opened, updated with new commits, or reopened

  • Reports only new vulnerabilities introduced by the PR — reducing noise by excluding pre-existing issues

  • Posts scan results as a PR comment — visible directly in the GitHub PR view

  • Provides a remediation URL in the PR comment — developers click through to AI Guardian, select findings, and receive an AI-generated fix PR

Why PR Scan matters:

It catches vulnerabilities at the earliest possible moment in the merge process — before insecure code enters the main branch — with zero manual steps and no workflow configuration required from the developer.
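The two mechanics above that a practitioner most wants to understand are the trigger (which pull_request events start a scan) and the noise reduction (reporting only findings the PR introduces). The following is an added illustration, not AI Guardian's own code, of how such a delta can be computed; it assumes a constructed Finding record and a constructed comment layout, while the event action names are the ones GitHub uses in pull_request webhook payloads.

```python
import hashlib
from dataclasses import dataclass

# pull_request webhook actions that should trigger a scan (GitHub's action names)
SCAN_TRIGGER_ACTIONS = {"opened", "synchronize", "reopened"}

@dataclass(frozen=True)
class Finding:
    rule_id: str   # SAST rule id, or a CVE id for an SCA finding (constructed record)
    path: str      # file the finding was raised in
    line: int      # shifts whenever lines are inserted above it
    snippet: str   # the offending line of code
    severity: str

def fingerprint(f: Finding) -> str:
    """Stable identity: rule, path and normalised code, but not the line number."""
    code = " ".join(f.snippet.split())
    return hashlib.sha256(f"{f.rule_id}|{f.path}|{code}".encode()).hexdigest()

def should_scan(event: dict) -> bool:
    """True for pull_request webhook events whose action warrants a (re)scan."""
    return event.get("action") in SCAN_TRIGGER_ACTIONS

def new_findings(base: list, head: list) -> list:
    """Head-branch findings with no counterpart on the base branch."""
    baseline = {fingerprint(f) for f in base}
    return [f for f in head if fingerprint(f) not in baseline]

def format_pr_comment(findings: list, remediation_url: str) -> str:
    """Comment body in a constructed layout; the product's real layout is not shown here."""
    if not findings:
        return "No new vulnerabilities introduced by this PR."
    lines = [f"{len(findings)} new finding(s) introduced by this PR:"]
    for f in sorted(findings, key=lambda x: (x.path, x.line)):
        lines.append(f"- [{f.severity}] {f.rule_id} at {f.path}:{f.line}")
    lines.append(f"Remediate: {remediation_url}")
    return "\n".join(lines)

# Constructed sample: the PR inserts two lines at the top of app.py, so the
# pre-existing hardcoded credential moves from line 10 to 12, and it adds
# a SQL injection on line 20. Only the injection should be reported as new.
BASE = [Finding("hardcoded-credential", "app.py", 10, 'PASSWORD = "hunter2"', "High")]
HEAD = [
    Finding("hardcoded-credential", "app.py", 12, 'PASSWORD = "hunter2"', "High"),
    Finding("sql-injection", "app.py", 20, 'cur.execute("SELECT * FROM users WHERE id=" + uid)', "Critical"),
]

if __name__ == "__main__":
    if should_scan({"action": "synchronize"}):
        print(format_pr_comment(new_findings(BASE, HEAD), "https://example.invalid/remediate/PR-1"))
```

Keying on a line-independent fingerprint is what keeps a pre-existing issue that merely moved from being reported as new; a baseline keyed on line numbers would re-surface it on every PR that touches the file above it.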
