You can view the AI security review results in the Endor Labs UI. You can also enable PR comments to get a comment on your GitHub PR with the details of the AI security review.
View AI security review results in Endor Labs UI
- Select Projects from the left sidebar.
- Select the project for which you want to view the AI security review results.
- Select Security Review.
You can view the AI security review results for all the pull requests raised in the project. You can also search for a specific pull request and view the results.
You can filter the results by the type and severity of the security issues, the author of the PR, the approvers, and the creation time of the PR. You can also select advanced to enter a search query to filter the results.
For example, you can filter the results to show only the critical security issues that are part of unmerged pull requests:
(spec.level in ["SECURITY_REVIEW_LEVEL_CRITICAL"] and spec.repository_pull_request_spec.merged != true)
- Click on a pull request to view the detailed report.
The report appears in the right sidebar. You can view the security analysis of the PR and the list of security risks along with their severities.
You can click the links next to the security analysis to go directly to the lines of code that have the security risk.
You can also click the links to view the pull request and the specific commit that introduced the security risk.
- Select the arrow next to a security risk to view the details of the security risk.
You can view the analysis of the security risk, the code snippet associated with the risk, and the details of the pull request.
Security review GitHub pull request comment
If you configure the action policy to get comments on your GitHub pull requests, Endor Labs comments on the pull request with the security analysis.