Intelligent GitHub Code Review and Automated Security Analysis Agent
Mrs. Ambika S¹, Harish B², Eshwar K³, Bagath S⁴, Arul Immanuel T⁵
¹ ² ³ ⁴ Department of Artificial Intelligence and Data Science, Sri Shakthi Institute of Engineering and Technology (Autonomous), Coimbatore-641062.
ABSTRACT:
In modern software development, code quality, security, and consistency are critical factors that determine the reliability of applications. Traditional code review is largely manual, time-consuming, and prone to human error: under time pressure and a growing workload, developers may overlook security vulnerabilities, inefficient logic, or documentation gaps. To address these challenges, this project presents an Intelligent GitHub Code Review and Automated Security Analysis Agent that integrates directly with GitHub through webhooks and GitHub App authentication. The system automatically monitors pull request activity, retrieves the changed code, analyzes the diff, and reports structured findings through native GitHub Check Runs. It is built on FastAPI for backend processing and provides a web-based dashboard for visualizing pull request details, file changes, and statistics. The system applies Large Language Models (LLMs) such as Google Gemma to perform deeper code analysis, detect security vulnerabilities, suggest improvements, and generate documentation automatically. By combining automation, real-time analysis, and AI-driven insights, the system enhances developer productivity, improves code quality, and ensures secure software development practices. Its intelligent analysis mechanisms minimize false positives and deliver context-aware insights tailored to each pull request.
KEYWORDS: GitHub Code Review, Automated Security Analysis, FastAPI, Webhooks, Check Runs, Large Language Models (LLMs), Gemma AI, Software Quality, DevOps Automation, Diff Processing, Pull Request Analysis, Python.
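The abstract describes a pipeline of webhook delivery, pull request event handling, diff analysis, and reporting through Check Runs. The following Python code is an added illustration of that pipeline and is not the paper's own implementation: it verifies the webhook signature GitHub sends in the `X-Hub-Signature-256` header (the step that keeps a forged POST from triggering a review), keeps only the pull request actions worth reviewing, counts per-file additions and deletions in a unified diff, and builds the JSON body for the Check Runs API. The function names, the sample event, and the sample diff are constructed for this example; the diff fetcher is injected so the whole flow runs offline.

```python
"""Added example: GitHub PR webhook -> signature check -> diff stats -> Check Run body."""
import hashlib
import hmac
import json
import os
from typing import Callable, Dict, Optional

# Shared secret configured on the GitHub App's webhook; placeholder default for offline runs.
WEBHOOK_SECRET = os.environ.get("GITHUB_WEBHOOK_SECRET", "replace-me-webhook-secret")
REVIEWABLE_ACTIONS = {"opened", "synchronize", "reopened"}

def sign_body(secret: str, body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256: 'sha256=' + hex HMAC-SHA256 of the raw body."""
    return "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()

def verify_signature(secret: str, body: bytes, signature_header: str) -> bool:
    """Constant-time comparison; anything not signed with our secret is rejected."""
    if not signature_header.startswith("sha256="):
        return False
    return hmac.compare_digest(sign_body(secret, body), signature_header)

def extract_pull_request(event_name: str, payload: dict) -> Optional[dict]:
    """Keep only pull_request events whose action warrants a fresh review."""
    if event_name != "pull_request" or payload.get("action") not in REVIEWABLE_ACTIONS:
        return None
    pr = payload["pull_request"]
    return {"number": payload["number"], "repo": payload["repository"]["full_name"],
            "head_sha": pr["head"]["sha"], "diff_url": pr["diff_url"]}

def summarize_diff(diff_text: str) -> Dict[str, Dict[str, int]]:
    """Count added/removed lines per file in a unified diff, ignoring file headers."""
    files: Dict[str, Dict[str, int]] = {}
    current, in_hunk = None, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            current = line.split(" b/", 1)[1]  # "diff --git a/<path> b/<path>"
            files[current] = {"additions": 0, "deletions": 0}
            in_hunk = False
        elif current is None:
            continue
        elif line.startswith("@@"):
            in_hunk = True  # hunk body follows; only now do +/- prefixes mean changes
        elif not in_hunk:
            continue  # index/---/+++ header lines before the first hunk
        elif line.startswith("+"):
            files[current]["additions"] += 1
        elif line.startswith("-"):
            files[current]["deletions"] += 1
    return files

def build_check_run(head_sha: str, summary: Dict[str, Dict[str, int]]) -> dict:
    """Request body for POST /repos/{owner}/{repo}/check-runs reporting the diff statistics."""
    added = sum(f["additions"] for f in summary.values())
    removed = sum(f["deletions"] for f in summary.values())
    return {
        "name": "intelligent-code-review", "head_sha": head_sha,
        "status": "completed", "conclusion": "neutral",
        "output": {
            "title": f"{len(summary)} file(s) changed, +{added}/-{removed}",
            "summary": "\n".join(f"- `{p}`: +{s['additions']}/-{s['deletions']}"
                                 for p, s in summary.items()),
        },
    }

def handle_webhook(event_name: str, body: bytes, signature: str, secret: str,
                   fetch_diff: Callable[[str], str]) -> Optional[dict]:
    """Full pipeline; fetch_diff is injected so the flow can run without network access."""
    if not verify_signature(secret, body, signature):
        raise PermissionError("webhook signature mismatch")
    pr = extract_pull_request(event_name, json.loads(body))
    if pr is None:
        return None  # event we do not review (e.g. labeled, closed)
    return build_check_run(pr["head_sha"], summarize_diff(fetch_diff(pr["diff_url"])))

# Constructed sample event and diff (not real GitHub data).
SAMPLE_EVENT = json.dumps({
    "action": "opened", "number": 42,
    "pull_request": {"head": {"sha": "0" * 40}, "diff_url": "https://example.invalid/pull/42.diff"},
    "repository": {"full_name": "example-org/example-repo"},
}).encode()
SAMPLE_DIFF = """diff --git a/app/auth.py b/app/auth.py
--- a/app/auth.py
+++ b/app/auth.py
@@ -1,4 +1,5 @@
 import os
-SECRET = "hardcoded"
+SECRET = os.environ["APP_SECRET"]
+TIMEOUT = 30
 def login():
     pass
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
 # demo
+Configure APP_SECRET before running.
"""

if __name__ == "__main__":
    result = handle_webhook("pull_request", SAMPLE_EVENT, sign_body(WEBHOOK_SECRET, SAMPLE_EVENT),
                            WEBHOOK_SECRET, lambda _url: SAMPLE_DIFF)
    print(json.dumps(result, indent=2))
```

In a FastAPI route the raw request body (`await request.body()`), the `X-Hub-Signature-256` and `X-GitHub-Event` headers, and a diff fetcher that calls the GitHub API with the App's installation token would be passed to `handle_webhook`; the signature must be computed over the raw bytes, not over a re-serialized JSON object, or valid deliveries will be rejected. The header skip in `summarize_diff` is gated on the first `@@` line so that a removed line whose content begins with `--` is still counted as a deletion rather than mistaken for a `---` file header.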