Hello peer developers,
I’m sharing a workflow I built over the past few weeks that has made our pull request security reviews more consistent and more actionable.
ThinkReview is a browser extension that works across Git platforms (GitLab, GitHub, Azure DevOps and Bitbucket) and runs a custom review checklist based on what your team cares about, such as OWASP guidance and your internal secure coding standards.
Below is a quick look at the end result, then I’ll walk through how I set it up.
In this example, I created a review agent focused on pentesting:
1. Define the agent’s goal and scope (what kinds of issues it should look for).
2. Provide a reference the agent should follow, such as Strike Graph’s pen-testing best practices: strikegraph.com/blog/pen-testing-best-practices
3. Run the review on a PR and get findings mapped back to the reference.
In the PR shown here, ThinkReview flagged a couple of OWASP-related issues using the reference we provided.
The project is open source on GitHub: github.com/Thinkode/thinkreview-browser-extension
You can install it from:
Chrome Web Store: chromewebstore.google.com/detail/thinkreview-ai-c…
Firefox Add-ons: addons.mozilla.org/en-US/firefox/addon/thinkrevie…
Looking forward to your feedback; if you have any questions, I would love to hear them.