Introducing AI-CodeWise: Revolutionizing Code Reviews with AI-Powered Analysis

StepSecurity's AI Code Reviewer aims to transform the way we maintain code quality and identify security vulnerabilities

Varun Sharma
May 10, 2023

Introduction

At StepSecurity, we understand the importance of code reviews as an integral part of secure software development best practices. They help maintain code quality and identify potential security vulnerabilities. However, we also recognize the challenges developers face due to limited resources and time constraints. It's not uncommon for engineers to find code review mundane and boring. In our previous enterprise experience, we have seen developers waiting for days to get their code reviewed, which slows down velocity. For open-source projects with a single maintainer, code review is especially challenging because the maintainer has no one else to rely on for feedback. That's why we're excited to introduce AI-CodeWise, our groundbreaking AI-powered code reviewer that leverages the power of GPT and the OpenAI API to revolutionize the code review process.

AI-CodeWise: The Future of Code Reviews

AI-CodeWise is an advanced AI Code Reviewer designed to bridge the gap between traditional code review processes and the ever-growing demands of today's development environment. Released as a GitHub Action, AI-CodeWise sends the diff of the code files in a pull request to the StepSecurity API, which then employs prompt engineering to call the Azure OpenAI API to review the code.

AI-CodeWise automatically adds a pull request comment using the StepSecurity bot account. This comment contains detailed information about the identified issues, providing developers with valuable insights to improve their code quality and address potential security vulnerabilities more efficiently.
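The flow described above, sketched in code as an added example (this is not StepSecurity's implementation): the pull-request diff is split per file, only code files with added lines are kept, a review prompt is assembled from them, and the findings come back as a Markdown PR comment. The model call itself is left out; `SAMPLE_DIFF` and `SAMPLE_FINDINGS` are constructed stand-ins for the PR diff and the model's answer, and `validate_outbound_url` in the suggestion is a hypothetical helper name.

```python
# Added example (not StepSecurity's code): parse a PR unified diff, keep the
# code files, build the reviewer prompt, and render findings as a PR comment.
# The LLM call is not shown; SAMPLE_FINDINGS stands in for its answer.
import re
from dataclasses import dataclass, field

CODE_EXTENSIONS = {".py", ".js", ".ts", ".java", ".cs", ".go", ".tf", ".rb", ".c"}


@dataclass
class FileDiff:
    path: str
    added: list = field(default_factory=list)    # (line number in new file, text)
    removed: list = field(default_factory=list)  # text only


def parse_unified_diff(diff_text):
    """Split a unified diff into per-file added/removed lines, numbering added
    lines as they appear in the post-change file."""
    files, current, in_hunk, new_line = [], None, False, 0
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            current = FileDiff(path=line.split(" b/", 1)[1])  # b/ side is the new path
            files.append(current)
            in_hunk = False
        elif line.startswith("@@"):
            # hunk header: @@ -old_start[,count] +new_start[,count] @@
            new_line = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line).group(1))
            in_hunk = True
        elif not in_hunk or current is None:
            continue  # index/---/+++ headers between the file line and its first hunk
        elif line.startswith("+"):
            current.added.append((new_line, line[1:]))
            new_line += 1
        elif line.startswith("-"):
            current.removed.append(line[1:])
        else:
            new_line += 1  # context lines also advance the new-file counter
    return files


def select_code_files(files):
    """Keep only code files that gained lines; docs and pure deletions are skipped."""
    return [f for f in files
            if any(f.path.endswith(ext) for ext in CODE_EXTENSIONS) and f.added]


def build_review_prompt(files):
    """Assemble the reviewer prompt: instructions first, then added lines per file."""
    parts = [
        "Review the added lines below for security issues, code smells and "
        "best-practice violations. Answer as a JSON list of objects with keys "
        "file, line, severity, title, detail, suggestion.",
        "",
    ]
    for f in files:
        parts.append(f"### {f.path}")
        parts.extend(f"{n}: {text}" for n, text in f.added)
        parts.append("")
    return "\n".join(parts)


def render_comment(findings):
    """Format findings (dicts in the shape the prompt asks for) as a Markdown PR
    comment: one bullet per finding, plus a GitHub suggestion block if given."""
    if not findings:
        return "AI review: no issues found in the changed code files."
    lines = ["AI review found the following issues:", ""]
    for f in sorted(findings, key=lambda x: (x["file"], x["line"])):
        lines.append(f"- **{f['severity']}** `{f['file']}:{f['line']}` {f['title']}")
        lines.append(f"  {f['detail']}")
        if f.get("suggestion"):
            fence = "`" * 3  # built at runtime so this file stays one fenced block
            lines += ["  Suggested change:", f"  {fence}suggestion",
                      f"  {f['suggestion']}", f"  {fence}"]
    return "\n".join(lines)


# Constructed sample diff: a docs change plus a Python helper that fetches a
# caller-supplied URL unchecked (the SSRF pattern named among the sample PRs).
SAMPLE_DIFF = """\
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1 +1,2 @@
 # Demo
+Added a fetch helper.
diff --git a/app/fetch.py b/app/fetch.py
--- a/app/fetch.py
+++ b/app/fetch.py
@@ -1,4 +1,6 @@
 import requests
 
-def fetch(url):
-    return requests.get(url).text
+def fetch(url):
+    # user-controlled URL fetched directly
+    resp = requests.get(url, timeout=5)
+    return resp.text
"""

# Constructed stand-in for the model's answer; validate_outbound_url is hypothetical.
SAMPLE_FINDINGS = [{
    "file": "app/fetch.py", "line": 5, "severity": "High",
    "title": "Server-side request forgery (SSRF)",
    "detail": "The URL comes straight from the caller and is fetched without "
              "validation, so the service can be steered at internal hosts.",
    "suggestion": "resp = requests.get(validate_outbound_url(url), timeout=5)",
}]

if __name__ == "__main__":
    code_files = select_code_files(parse_unified_diff(SAMPLE_DIFF))
    print(build_review_prompt(code_files))
    print(render_comment(SAMPLE_FINDINGS))
```

Only added lines are sent for review, so the prompt for the sample diff carries `app/fetch.py` but not `README.md`; the line numbers attached to each added line are what lets a finding be anchored to a specific line in the PR comment.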

Try It Out

Experience AI-CodeWise for yourself by following these easy steps:

1. Use the GitHub Action in your public repository by following the documentation. AI-CodeWise is free for public repositories.

2. Alternatively, create a pull request in our demo repository to see AI-CodeWise in action.

For public repositories, the AI-CodeWise GitHub Action creates pull request comments using the StepSecurity Bot account, so it works even if the pull request is created from a fork.

If you encounter any issues, suggestions, or have any ideas for improvement, we encourage you to create an issue in our public repository.

Comparing Results with Existing Tools

To demonstrate the capabilities of AI-CodeWise, we've compared its results with those of existing Static Application Security Testing (SAST) and Infrastructure as Code (IaC) scanner tools. AI-CodeWise differentiates itself from these tools by offering the following advantages:

1. All-in-One Review 🌐: Detects code smells, best practice violations, & security issues across languages for versatile code review.

2. Unforeseen Issue Detection 🎯: AI-powered for discovering issues that rule-based systems might miss, ensuring thorough code analysis.

3. Fix Suggestions 🔧: Offers code change suggestions directly in PR comments, empowering developers to resolve issues efficiently, boosting code quality & security.

By offering a comprehensive code review solution that not only detects issues but also provides recommendations for addressing them, AI-CodeWise stands out as a powerful tool in the ever-evolving world of software development.

Here are some sample pull requests where files with known vulnerabilities are being added:

1. Terraform file with multiple security issues
2. Java code vulnerable to XML external entities attacks
3. JavaScript code vulnerable to open redirect
4. Python code vulnerable to server-side request forgery (SSRF)
5. C# code vulnerable to command injection

Join the Beta for Private Repositories

We're currently offering a beta version of AI-CodeWise for developers to use in their private repositories. Sign up for the beta and experience the benefits of AI-powered code reviews firsthand.

Conclusion

AI-CodeWise is a game-changing solution that aims to revolutionize the way we conduct code reviews. By leveraging the power of AI and the OpenAI API, AI-CodeWise provides a robust alternative to traditional code review processes, ultimately saving developers time and ensuring code quality and security. Don't miss the opportunity to enhance your code review process with AI-CodeWise—sign up for the beta today!