# PR Code Reviews
CodeStax provides AI-powered security reviews on your pull requests, catching vulnerabilities before they’re merged.
## How It Works
1. A pull request is opened (or updated) on your repository
2. CodeStax receives a webhook notification from your SCM provider
3. The PR diff is analyzed by CodeStax’s security scanners
4. Results are posted back with a risk score and findings
## Triggering a PR Review
### Automatic (via Webhooks)
When webhooks are configured, PR reviews are triggered automatically on:
- New PR opened
- New commits pushed to an existing PR
- PR reopened after being closed
### Manual
1. Go to Dashboard → PR Reviews
2. Select a repository
3. Enter the PR number
4. Click Trigger Review
## Review Results
### Risk Score
Every PR review gets a Risk Score from 0 to 100:
| Score | Level | Color | Meaning |
|---|---|---|---|
| 75-100 | Critical | Red | Severe security issues — do not merge |
| 50-74 | High | Orange | Significant issues — review before merging |
| 25-49 | Medium | Yellow | Minor issues — consider fixing |
| 0-24 | Low | Green | Clean or minimal risk |
### Review Details
Each review shows:
- PR title and number
- Author name
- Source → Target branch
- Files changed, lines added/deleted
- Scan duration
- Individual findings with severity and file location
## Review Dashboard
Navigate to Dashboard → PR Reviews to see all reviews:
- Total Reviews — All reviews triggered
- Completed — Finished reviews
- In Progress — Currently scanning
- Average Risk Score — Across all completed reviews
### Filtering
- Search by PR title, author, or PR number
- Filter by status (Pending, Scanning, Completed, Failed)
- Filter by repository
## Review Limits
| Plan | PR Reviews / Month |
|---|---|
| Free | 0 |
| Pro | 20 |
| Team | Unlimited |
| Enterprise | Unlimited |