Catching vulnerabilities after a merge is no fun. We have developed a new way to prevent you from injecting them in the first place. Fluid Attacks' Peer Reviewer Assistant spots vulnerabilities during code review and posts SAST and SCA findings as inline comments on your MR/PR, right on the lines that need attention. Reviewers see exactly what vulnerabilities a change would inject, so they can approve or reject with full context. Our Assistant won't block merges on its own, but if your team requires all comments be resolved before merging, it effectively becomes a security gate.

Comments show the security vulnerabilities with a link to our docs, which include recommendations. No separate dashboard to check: The alerts land where you're already at.

What it catches and how:

• SAST scans the changed files for vulnerabilities in your own code.
• SCA checks your dependencies in the same diff.
• Each finding tells you where (file path), what (suggested weakness title), and which line, so reviewers can make informed calls on whether the code should be merged.
• Want to exclude paths? Read our docs to learn how.

Setup takes a minute:

1. Go to the Integrations section on the Fluid Attacks platform.
2. Scroll to the Peer Reviewer Assistant cards.
3. Click Use integration on either the Azure DevOps or GitLab card.

For GitLab, you'll need a Project Access Token per request. For Azure DevOps, it uses OAuth2 Client Credentials (tenant ID + client ID/secret). 

The Peer Reviewer Assistant is a complementary feature, exclusively included in the Advanced plan. Currently available for Azure DevOps and GitLab integrations.

Security feedback, right where code gets reviewed. Set it up now.