suhasramanand · suhasramanand · Jan 21, 2025 · Jan 21, 2025 · Jan 21, 2025 · Jan 21, 2025
diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
@@ -25,3 +25,5 @@ jobs:
         env:
           GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
           GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
+          GITHUB_REPOSITORY: ${{ github.repository }}
+          GITHUB_EVENT_NUMBER: ${{ github.event.number }}
diff --git a/README.md b/README.md
@@ -1,12 +1,15 @@
 ![Logo](logo.png)
 # CodeReviewer.AI
 
-CodeReviewer.AI is an automated pull request review bot that leverages artificial intelligence to analyze and provide suggestions on code changes. It uses Groq's language model to review and suggest improvements for the code in open pull requests, allowing developers to get feedback on their code changes without manual review.
+CodeReviewer.AI is an **advanced security-focused** automated pull request review bot that leverages artificial intelligence to analyze code changes for vulnerabilities and security issues. It uses Groq's language model combined with pattern-based security scanning to provide comprehensive security reviews.
 
-## Features
-- Automatically fetches open pull requests from a GitHub repository.
-- Analyzes code diffs using Groq's `llama-3.3-70b-versatile` model.
-- Posts review comments directly to the GitHub pull request with suggestions for improvement.
+## 🛡️ Security Features
+- **Automated vulnerability detection** using regex patterns for common security issues
+- **CVE scanning** for dependencies using Safety database
+- **Human-like, concise security reviews** with actionable feedback
+- **Real-time security analysis** of code changes
+- **Pattern-based detection** for SQL injection, XSS, path traversal, hardcoded secrets, and more
+- **Dependency vulnerability scanning** for known CVEs
 
 ## Technologies Used
 - **Groq**: We use Groq’s Llama-based model for code review and suggestions.
@@ -21,6 +24,8 @@ You will need the following dependencies:
 - `groq`: For interacting with Groq's API.
 - `requests`: For making API requests to GitHub.
 - `pygments`: For code syntax highlighting.
+- `safety`: For CVE vulnerability scanning of Python dependencies.
+- `bandit`: For static security analysis (optional).
 
 Install the dependencies by running:
 
@@ -51,5 +56,27 @@ Before running the bot, install the necessary dependencies by running:
 
 ```bash
 pip install -r requirements.txt
+```
+
+## 🔍 Security Scanning Capabilities
+
+The bot automatically scans for the following security vulnerabilities:
+
+### Pattern-Based Detection
+- **SQL Injection**: Detects unsafe SQL query construction
+- **Cross-Site Scripting (XSS)**: Identifies potential XSS vulnerabilities
+- **Path Traversal**: Finds directory traversal attack vectors
+- **Hardcoded Secrets**: Detects exposed passwords, API keys, and tokens
+- **Unsafe Deserialization**: Identifies dangerous deserialization patterns
+- **Command Injection**: Detects shell injection vulnerabilities
+
+### CVE Scanning
+- **Dependency Analysis**: Automatically scans `requirements.txt`, `package.json`, and `Pipfile` changes
+- **Known Vulnerabilities**: Checks against Safety database for active CVEs
+- **Severity Assessment**: Provides severity ratings for identified vulnerabilities
 
+### AI-Powered Reviews
+- **Human-like Feedback**: Generates concise, actionable security reviews
+- **Contextual Analysis**: Understands code context for better vulnerability assessment
+- **Fix Suggestions**: Provides specific recommendations for security improvements
 
diff --git a/requirements.txt b/requirements.txt
@@ -1,3 +1,5 @@
 requests
 pygments
-groq
+groq
+safety
+bandit