---
title: codewatcher
emoji: 🐳
colorFrom: green
colorTo: yellow
sdk: static
pinned: false
tags:
- deepsite
---
# CodeWatcher 🔍🛡️
[CI status](https://github.com/your-org/CodeWatcher/actions)
[License: Apache-2.0](https://opensource.org/licenses/Apache-2.0)
CodeWatcher is a GitHub Actions bot that performs security-focused code reviews on pull requests using static analysis tools with a mentor/red-team approach.
## Features
- **Automated Security Reviews**: Runs pylint, bandit, and semgrep on every PR
- **In-line Comments**: Provides contextual feedback directly on code changes
- **Mentor Mode**: Offers constructive suggestions for code quality improvements
- **Red Team Mode**: Highlights security vulnerabilities with attack scenarios
- **SARIF Integration**: Uploads findings to GitHub's code scanning interface
## How It Works
CodeWatcher automatically:
1. Triggers on pull request events
2. Analyzes changed Python files using multiple static analysis tools
3. Posts in-line comments with security insights and improvement suggestions
4. Provides a summary of findings in the PR conversation
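As an added illustration of step 3 (example code, not CodeWatcher's own `codewatcher.py`), the snippet below parses a pull request's unified diff for added lines and then keeps only the Bandit findings that fall on those lines, so pre-existing issues are not commented on. The diff, the `bandit -f json` result and the review-comment shape (`path`/`line`/`side`/`body`) are constructed or assumed.

```python
import re

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed unified diff: the PR rewrites run() to call subprocess with shell=True.
SAMPLE_DIFF = """\
--- a/app.py
+++ b/app.py
@@ -9,3 +9,4 @@ def run(cmd):
 import subprocess
 def run(cmd):
-    return subprocess.run(cmd)
+    # cmd comes straight from the request body
+    return subprocess.run(cmd, shell=True)
"""
# Constructed `bandit -f json` output: B602 lands on a changed line, B404 on an untouched one.
SAMPLE_BANDIT = {"results": [
    {"filename": "./app.py", "line_number": 12, "test_id": "B602", "issue_severity": "HIGH",
     "issue_confidence": "HIGH", "issue_text": "subprocess call with shell=True identified."},
    {"filename": "./app.py", "line_number": 3, "test_id": "B404", "issue_severity": "LOW",
     "issue_confidence": "HIGH", "issue_text": "Consider the security implications of subprocess."},
]}

def changed_lines(diff_text: str) -> dict[str, set[int]]:
    """Return {path: new-file line numbers added or modified by the diff}."""
    changed: dict[str, set[int]] = {}
    path, new_line, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                       # new-side file header
            path, in_hunk = raw[4:].removeprefix("b/"), False
            changed.setdefault(path, set())
        elif m := HUNK_RE.match(raw):                    # @@ -old,n +new,m @@
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and not raw.startswith(("-", "\\")):  # added or context line
            if raw.startswith("+"):
                changed[path].add(new_line)
            new_line += 1                                # removed lines never advance
    return changed

def review_comments(report: dict, changed: dict[str, set[int]], min_severity="MEDIUM") -> list[dict]:
    """Findings on changed lines at or above min_severity, as GitHub PR review comments (assumed shape)."""
    rank = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
    comments = []
    for f in report.get("results", []):
        path, line = f["filename"].removeprefix("./"), f["line_number"]
        if line not in changed.get(path, ()) or rank[f["issue_severity"]] < rank[min_severity]:
            continue                                     # pre-existing code or below threshold
        comments.append({"path": path, "line": line, "side": "RIGHT",
                         "body": f"**{f['test_id']}** ({f['issue_severity']} severity): {f['issue_text']}"})
    return comments
```

Running `review_comments(SAMPLE_BANDIT, changed_lines(SAMPLE_DIFF))` yields a single comment for B602 on line 12; the B404 finding on line 3 is dropped because that line was not touched by the PR.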
## Installation
1. Add the workflow file to your repository:
```bash
mkdir -p .github/workflows
curl -o .github/workflows/codewatcher.yml https://raw.githubusercontent.com/your-org/CodeWatcher/main/.github/workflows/codewatcher.yml
```
2. Create the scripts directory:
```bash
mkdir -p .github/scripts
curl -o .github/scripts/codewatcher.py https://raw.githubusercontent.com/your-org/CodeWatcher/main/.github/scripts/codewatcher.py
```
3. Commit and push these changes to your repository:
```bash
git add .github
git commit -m "Add CodeWatcher security review workflow"
git push
```
## Configuration
Customize CodeWatcher by adding these files to your repository root:
- `.pylintrc` - Pylint configuration
- `.bandit` - Bandit configuration
- `.semgrep.yml` - Custom Semgrep rules
## Example Output
