RedFlag: AI-Powered Code Risk Analysis for Stronger Security

RedFlag

RedFlag uses AI to identify high-risk code changes. Run it in batch mode to scope manual security testing of release candidates, or run it in your CI pipelines to flag PRs and add the appropriate reviewers. Although it is built as a security tool, its configuration is flexible enough that almost any team can adapt RedFlag to its own review needs.

Batch Mode

RedFlag can analyze a large number of commits in a single run. The commits can be specified by commit hash, branch name, or tag. This is useful for scoping manual security testing of logical groups of code, such as release candidates.

Workflow

CI Mode

RedFlag's CI mode integrates with GitHub Actions to automatically identify Pull Requests (PRs) that need security review. It is highly configurable, accepting custom reviewer lists, PR comments, and full RedFlag configuration files. Like batch mode, CI mode can integrate with Jira to enrich the PR information so that the language model has more context for its decisions. This lets the CI/CD pipeline flag the PRs that require security attention without a reviewer having to triage every change by hand.

Evaluation Mode

RedFlag can also be run in evaluation mode to measure the performance of the AI model against your own labelled dataset. This mode shows how the model and prompts perform on your codebase, which helps you judge how far to trust its risk assessments.

Install & Use

Copyright (C) 2024 Addepar, Inc.