Autonomous PR reviews inside GitHub CI
Inline comments, test suggestions, and security insights — automatically delivered in every pull request.
⚠ Security: SECRET_KEY should have an expiration claim. Without expiresIn, this token is valid forever — a compromised token can never be revoked.
Suggested fix: jwt.sign(payload, SECRET_KEY, { expiresIn: "1h" })
6
AI agents per PR
running concurrently in under 30 seconds
50%
less reviewer time
on small & medium PRs
92%
comment accuracy
rated useful by beta testers
14
languages supported
Python, Go, Java, Rust, C#, and more
Features
Everything your code review process is missing
Six specialized agents review every PR in parallel — three LLM-powered (code review, security, test generation) and three rule-based (secret scanning, dependency checks, IaC review). Plus auto-fix suggestions, blast radius analysis, and your choice of LLM model. Think of it as a senior engineer who never gets tired.
Line-Level Review + Apply Patch
Context-aware feedback pinpointed to exact lines. Every finding comes with a copy-ready suggested fix and git-format patch — engineers apply fixes in one click.
AI Fix Suggestions
Every finding includes an auto-generated code fix. Click "Apply Fix" to create a commit directly on the PR branch — zero manual editing required.
AI PR Summary
Auto-generated human-readable PR summary with key changes, breaking change detection, and impact areas. Understand any PR in seconds.
GitHub Check Runs
DevLens posts pass/fail status checks on every PR. Block merges on high-risk PRs with GitHub branch protection rules.
Security Scanning (SAST + LLM)
Two-pass security analysis: fast static rules for 30+ patterns, then LLM for complex vulnerabilities. Catches SQL injection, XSS, auth bypass, and more.
Secret Detection
GitLeaks-style scanning for leaked credentials — AWS keys, GitHub tokens, Stripe keys, JWTs, private keys, database connection strings, and 16+ patterns.
Dependency Vulnerability Check
Automatically queries OSV.dev for known CVEs in your requirements.txt, package.json, and go.mod. Shows fixed versions and upgrade suggestions.
Infrastructure-as-Code Review
Catches Terraform misconfigs (public S3, open security groups, unencrypted EBS), Kubernetes issues (privileged containers, root), and Docker anti-patterns.
Auto Test Suggestions
Generates unit test stubs for new and changed code paths. Covers edge cases, error scenarios, and boundary conditions.
Blast Radius Analysis
See the full impact of every change. DevLens finds all call sites of modified functions across the repo, flags out-of-PR callers that could break, detects signature changes, and shows an interactive impact map — so you never miss a hidden dependency.
PR Risk Score + Merge Recommendation
Every PR gets an AI-assessed 0-100 risk score with a clear merge recommendation: safe to merge, merge with caution, or not recommended.
Quality Index + Drift Detection
Single score for org/repo code health. Detects repos with worsening trends, category benchmarks, and percentile rankings across your organization.
Code Complexity Tracking
Tracks cyclomatic complexity changes per PR. See exactly how many decision points each file gained or lost, and spot complexity creep before it spirals.
Duplicate / Copy-Paste Detection
Automatically flags copy-pasted code blocks within a PR. Shows exact locations and previews so you can refactor into shared utilities.
PR Description Validation
Scores your PR description for completeness — checks for context, ticket references, and testing instructions. Enforce team templates automatically.
Smart Reviewer Assignment
Suggests the best reviewers based on code ownership — who recently committed to the changed files and directories. No more guessing who should review.
Findings Lifecycle + Jira
Track findings from Open to Fixed to Ignored. Create Jira tickets from critical findings with one click. Full audit trail for compliance.
Custom Review Rules
Define your own review rules with regex patterns or natural language AI prompts. Enforce team conventions, ban anti-patterns, and ensure compliance.
Rule Packs + Org Policies
Enable/disable rule packs, set severity overrides, create repo-specific policies. Strict security for payments, relaxed style for prototypes.
Feedback Learning Loop
Thumbs-up or thumbs-down any comment. Track per-agent accuracy, surface false positive patterns, and watch DevLens get smarter over time.
Review Time Tracking
Track how long reviews take, measure first-response time, and identify bottleneck PRs. See avg/median durations and the slowest reviews.
Comparison Reports
Schedule weekly or monthly digest emails that compare code quality across repos. Track trends, violations, and team progress — delivered to your inbox automatically.
CI/CD Native + Batch Reviews
One GitHub Action. Review multiple PRs at once with batch mode. DevLens plugs into your existing workflow and comments directly on the diff.
Policy-as-Code (devlens.yml)
Define review policies in a YAML file in your repo. Set enforcement modes, enable/disable rulesets, configure critical paths, and ignore patterns. Org → team → repo policy hierarchy.
Slash Commands in PRs
Type /devlens rerun, /devlens deep-review, /devlens focus security, or /devlens ignore <rule> directly in PR comments. Interactive review without leaving GitHub.
Codebase-Aware Reviews
DevLens injects repo structure, co-changed files, directory siblings, and paired test files into every review — so the AI understands context beyond the diff.
Incremental Reviews
After the first review, DevLens only re-reviews files changed since the last reviewed SHA. Force-pushes and follow-up commits are reviewed in seconds, not minutes.
Bring Your Own Model
Choose the LLM that powers your reviews — GPT-4o, Claude, DeepSeek Coder, Llama 3, or any of 100+ providers via LiteLLM. Configure per-organization from the Settings page.
Slack + Email Notifications
Get notified when DevLens completes a review or finds critical issues. Slack webhook integration plus email notifications with configurable recipients.
Custom Team Guidelines
Point to a Markdown guidelines file in your repo via devlens.yml. Your team's coding standards are injected into every LLM prompt so reviews align with your conventions.
How It Works
From install to first review in under 2 minutes
Install in 60 seconds
Add the DevLens GitHub Action to your repo. One YAML file, zero config. Works with any language.
Open a pull request
Push code and open a PR like you normally would. DevLens triggers automatically on every new PR and push.
Six specialized agents + smart analyzers
Three LLM-powered agents (code review, security, test generation) and three rule-based agents (secret scanning, dependency checks, IaC review) analyze your diff in parallel — using your organization's preferred model.
Apply fixes & merge with confidence
Review AI comments, apply suggested fixes with one click, check the risk score and GitHub status check, then merge knowing everything has been caught.
# .github/workflows/devlens.yml
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  devlens-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: devlens/action@v1
        with:
          api_key: ${{ secrets.DEVLENS_API_KEY }}
That's it. No webhooks to configure, no servers to deploy, no tokens to rotate. DevLens handles the rest.
Language Support
Works with every language your team uses
Full AST-aware analysis, security scanning, and test generation for 14 languages. All with line-level precision.
Python (GA)
Go (GA)
JavaScript (GA)
TypeScript (GA)
Java (GA)
Kotlin (GA)
C# (GA)
Ruby (GA)
PHP (GA)
Rust (GA)
Swift (GA)
Scala (GA)
C / C++ (GA)
Dart (GA)
Loved by developers
Teams ship faster with DevLens
“DevLens caught a SQL injection vulnerability that three human reviewers missed. It paid for itself in the first week.”
Sarah Chen
Staff Engineer, Fintech Startup
“We used to have a 2-day review backlog. Now the easy stuff is handled before a human even looks at it. Our senior devs focus on architecture, not style nits.”
Marcus Rivera
Engineering Manager, Series B SaaS
“The test generation alone saves us 30 minutes per PR. And the risk scoring helps us prioritize which PRs need senior eyes.”
Priya Mehta
Tech Lead, E-commerce Platform
Stop shipping bugs.
Start shipping confidence.
Start catching issues before they hit production. Try DevLens free for 14 days — no credit card required.
No credit card required • 14-day free trial on all paid plans