Spaces:
Running
Running
| title: codewatcher | |
| emoji: π³ | |
| colorFrom: green | |
| colorTo: yellow | |
| sdk: static | |
| pinned: false | |
| tags: | |
| - deepsite | |
| # CodeWatcher ππ‘οΈ | |
| [](https://github.com/your-org/CodeWatcher/actions) | |
| [](https://opensource.org/licenses/Apache-2.0) | |
| CodeWatcher is a GitHub Actions bot that performs security-focused code reviews on pull requests using static analysis tools with a mentor/red-team approach. | |
| ## Features | |
| - **Automated Security Reviews**: Runs pylint, bandit, and semgrep on every PR | |
| - **In-line Comments**: Provides contextual feedback directly on code changes | |
| - **Mentor Mode**: Offers constructive suggestions for code quality improvements | |
| - **Red Team Mode**: Highlights security vulnerabilities with attack scenarios | |
| - **SARIF Integration**: Uploads findings to GitHub's code scanning interface | |
| ## How It Works | |
| CodeWatcher automatically: | |
| 1. Triggers on pull request events | |
| 2. Analyzes changed Python files using multiple static analysis tools | |
| 3. Posts in-line comments with security insights and improvement suggestions | |
| 4. Provides a summary of findings in the PR conversation | |
| ## Installation | |
| 1. Add the workflow file to your repository: | |
| ```bash | |
| mkdir -p .github/workflows | |
| curl -o .github/workflows/codewatcher.yml https://raw.githubusercontent.com/your-org/CodeWatcher/main/.github/workflows/codewatcher.yml | |
| ``` | |
| 2. Create the scripts directory: | |
| ```bash | |
| mkdir -p .github/scripts | |
| curl -o .github/scripts/codewatcher.py https://raw.githubusercontent.com/your-org/CodeWatcher/main/.github/scripts/codewatcher.py | |
| ``` | |
| 3. Commit and push these changes to your repository: | |
| ```bash | |
| git add .github | |
| git commit -m "Add CodeWatcher security review workflow" | |
| git push | |
| ``` | |
| ## Configuration | |
| Customize CodeWatcher by adding these files to your repository root: | |
| - `.pylintrc` - Pylint configuration | |
| - `.bandit` - Bandit configuration | |
| - `.semgrep.yml` - Custom Semgrep rules | |
| ## Example Output | |
|  | |