coderabbit-security-basics

# CodeRabbit Security Basics ## Overview Configure CodeRabbit to catch security vulnerabilities, hardcoded secrets, and insecure patterns in pull requests. CodeRabbit's AI review can detect security issues that static analysis tools miss because it understands code context and intent. This skill covers security-focused configuration, secret detection instructions, and compliance-oriented review policies. ## Prerequisites - CodeRabbit installed on repository - `.coderabbit.yaml` in repository root - Understanding of security requirements for your codebase ## Security Coverage | Category | CodeRabbit Detection | Complementary Tool | |----------|--------------------|--------------------| | Hardcoded secrets | Path instructions + AI detection | GitHub Secret Scanning, GitLeaks | | SQL injection | Path instructions for DB code | SonarCloud, Semgrep | | XSS vulnerabilities | Path instructions for frontend | ESLint security plugins | | Auth bypass | Path instructions for auth code | Manual review | | Insecure dependencies | Limited (reviews import patterns) | Dependabot, Renovate | | OWASP Top 10 | Path instructions covering each risk | Dedicated SAST tools | ## Instructions ### Step 1: Configure Security-Focused Review ```yaml # .coderabbit.yaml - Security-hardened configuration language: "en-US" reviews: profile: "assertive" request_changes_workflow: true # Block merge on security findings auto_review: enabled: true drafts: false base_branches: [main, d...