Analysis updated 2026-06-26
Add automated AI security review to any GitHub repo so every pull request gets checked for SQL injection, XSS, hardcoded secrets, and other vulnerabilities.
Replace or supplement pattern-based static analysis with AI-powered code review that understands what the code actually does in context.
Run the security scan locally as a Claude Code slash command to catch issues before even creating a pull request.
Tune the scanner with custom instructions to match your project's specific security policies and acceptable risk profile.
| anthropics/claude-code-security-review | hephaest0s/usbkill | integuru-ai/integuru | |
|---|---|---|---|
| Stars | 4,588 | 4,588 | 4,587 |
| Language | Python | Python | Python |
| Setup difficulty | easy | easy | moderate |
| Complexity | 2/5 | 1/5 | 3/5 |
| Audience | developer | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires an Anthropic API key stored as a GitHub secret, paste one YAML snippet into your workflow and it's live.
This repository contains a GitHub Action built by Anthropic that automatically reviews pull requests for security problems using Claude, Anthropic's AI model. When a developer opens a pull request, the action runs Claude against the changed code and posts comments directly on the lines where it finds potential vulnerabilities. The tool focuses on a wide range of security issues: SQL injection, command injection, hardcoded secrets, authentication flaws, weak encryption, cross-site scripting, insecure configuration, and more. Unlike traditional security scanning tools that look for known patterns, this tool uses AI to understand what the code is actually doing in context, which the README says reduces false positives compared to pattern-only approaches. Setting it up requires adding a workflow file to your repository's GitHub Actions configuration and providing an Anthropic API key as a secret. The README includes a short YAML snippet showing exactly what to paste. Configuration options let you choose which Claude model to use, set a timeout, exclude directories from scanning, and provide custom instructions to tune what counts as a finding for your specific project. There is an important security caveat in the README: the action is not hardened against prompt injection, meaning a malicious contributor could potentially craft code or comments designed to manipulate the AI's output. Anthropic recommends configuring your repository to require maintainer approval before running workflows from external contributors. Beyond the GitHub Action, the same security analysis is also available as a slash command inside the Claude Code development tool, where running it locally checks all pending changes before they are even submitted as a pull request. The repository also includes an evaluation framework for testing the scanner against specific pull requests during local development.
A GitHub Action by Anthropic that uses Claude AI to automatically review pull requests for security vulnerabilities and post inline comments on risky code.
Mainly Python. The stack also includes Python, GitHub Actions, Claude API.
Anthropic open-source project, check repository for exact license terms.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.