
GitHub App Installation Guide

Automate security analysis on every pull request

What is the CodeSlick GitHub App?

The CodeSlick GitHub App automatically analyzes code in your pull requests and posts security findings as comments. Think of it as an automated security reviewer that runs on every PR.

With GitHub App

  • Automatic analysis on every PR
  • Security findings as PR comments
  • Commit status checks (pass/fail)
  • No manual uploads needed

Without GitHub App

  • Manual code upload to codeslick.dev
  • Copy/paste code to analyze
  • View results in browser
  • Still fully functional

Installation Steps

1. Go to GitHub App Page

Visit the CodeSlick GitHub App installation page (the "Install GitHub App" link).
2. Click "Install" or "Configure"

On the GitHub App page, you'll see an "Install" button (if first time) or "Configure" (if already installed).

Note: You need to be an admin or owner of the repository/organization to install GitHub Apps.

3. Choose Repositories

Select which repositories CodeSlick should analyze:

  • All repositories: Analyze all current and future repos; repositories created later are covered automatically
  • Only select repositories: Choose specific repos (recommended for testing); repositories created later are not covered until you add them to the installation under "Configure"
4. Review Permissions

CodeSlick will request these permissions (the installation screen lists them under GitHub's own permission names, given here in parentheses):

  • Read code (repository contents, read): To analyze files in pull requests
  • Post comments (pull requests or issues, write): To share security findings on PRs
  • Set commit status (commit statuses, write): To mark PRs as pass/fail

Compare the permissions GitHub actually displays against this list before confirming. Applying a generated fix directly to your branch ("Apply Fix", see How It Works, step 4) creates a commit in the repository, which needs write access to repository contents rather than read-only access; expect that permission if the fix feature is in use, and check with CodeSlick about any permission this list does not explain before you confirm.
5. Click "Install" to Confirm

Review the settings and click the green "Install" button. You'll be redirected back to CodeSlick.

Success! The GitHub App is now installed. Open a pull request to see it in action.

How It Works After Installation

1. You Open a Pull Request

Create or update a PR in any repository where CodeSlick is installed.

2. CodeSlick Analyzes Automatically

The app fetches the code files changed in the PR and runs 226 security checks (SQL injection, XSS, command injection, etc.) against them.

3. Results Posted as PR Comment

Security findings are posted as a comment on the PR, organized by severity (CRITICAL, HIGH, MEDIUM, LOW).

4. Apply Fixes with One Click

Each vulnerability has an individual "Apply Fix" button. Click it to generate an AI-powered fix and commit it directly to your branch. The commit is made through the app's GitHub installation, so no separate CodeSlick login is needed. Review the resulting diff as you would any other commit before merging: a generated fix can change behaviour elsewhere or patch the symptom rather than the root cause.

5. Commit Status Updated

The PR shows a green checkmark (✅ pass) if no CRITICAL issues were found, or a red X (❌ fail) if at least one CRITICAL vulnerability was found. HIGH, MEDIUM and LOW findings appear in the comment but do not fail the status on their own. A failing status does not block merging by itself; to enforce it, add the CodeSlick status check to the branch's required status checks in branch protection.

Example PR Comment

## CodeSlick Security Analysis

**Summary:** 3 vulnerabilities found

### 🔴 CRITICAL (1)
- **SQL Injection** in `src/api/users.js:42`
  - User input directly concatenated into SQL query
  - CVSS: 9.8 | OWASP: A03:2021 Injection

### 🟠 HIGH (2)
- **XSS Vulnerability** in `src/components/UserProfile.jsx:15`
  - Unsanitized user input rendered to DOM
  - CVSS: 7.5 | OWASP: A03:2021 Injection

- **Hardcoded Credentials** in `src/config/database.js:8`
  - API key hardcoded in source code
  - CVSS: 7.0 | OWASP: A07:2021 Identification and Authentication Failures

---
**Analyzed:** 5 files | **Passed:** 2 files | **Failed:** 3 files
Powered by CodeSlick Security Scanner
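The post-installation flow (steps 2 to 5 above), modelled in Python as an added example; this is not CodeSlick's code and the scanner itself is not reproduced. It filters the PR's changed files to the supported extensions named in the troubleshooting section, groups findings by severity, renders a comment in the layout of the example above, and derives the commit status, which fails only on CRITICAL. The Finding fields, the icons for MEDIUM and LOW, and the sample files and findings are assumptions constructed for the example.

```python
from collections import OrderedDict
from dataclasses import dataclass
from pathlib import PurePosixPath

# File types listed under "No comment posted on my PR"; treated here as the full set (assumption).
SUPPORTED_EXTENSIONS = {".js", ".ts", ".py", ".java"}
# Severity order used in the PR comment; the icons for MEDIUM and LOW are assumed.
SEVERITY_ORDER = ("CRITICAL", "HIGH", "MEDIUM", "LOW")
SEVERITY_ICON = {"CRITICAL": "🔴", "HIGH": "🟠", "MEDIUM": "🟡", "LOW": "🟢"}


@dataclass(frozen=True)
class Finding:
    """One scanner result; the field layout is an assumption for this example."""
    title: str
    path: str
    line: int
    severity: str
    detail: str


def supported_files(changed_files):
    """Keep only files the scanner can analyze; a PR with none of them gets no comment."""
    return [f for f in changed_files if PurePosixPath(f).suffix in SUPPORTED_EXTENSIONS]


def commit_status(findings):
    """GitHub commit status state: 'failure' only when a CRITICAL finding exists.
    HIGH/MEDIUM/LOW findings are reported in the comment but still yield 'success'."""
    return "failure" if any(f.severity == "CRITICAL" for f in findings) else "success"


def group_by_severity(findings):
    """Bucket findings in CRITICAL > HIGH > MEDIUM > LOW order; reject unknown levels."""
    groups = OrderedDict((s, []) for s in SEVERITY_ORDER)
    for f in findings:
        if f.severity not in groups:
            raise ValueError(f"unknown severity {f.severity!r} for {f.path}")
        groups[f.severity].append(f)
    return groups


def render_comment(findings, analyzed_files):
    """Render the Markdown comment in the layout of the example PR comment."""
    lines = ["## CodeSlick Security Analysis", "",
             f"**Summary:** {len(findings)} vulnerabilities found", ""]
    for severity, items in group_by_severity(findings).items():
        if not items:
            continue  # empty severity groups are omitted, as in the example
        lines.append(f"### {SEVERITY_ICON[severity]} {severity} ({len(items)})")
        for f in items:
            lines.append(f"- **{f.title}** in `{f.path}:{f.line}`")
            lines.append(f"  - {f.detail}")
        lines.append("")
    failed = len({f.path for f in findings})  # a file fails if it has any finding
    lines.append("---")
    lines.append(f"**Analyzed:** {len(analyzed_files)} files | "
                 f"**Passed:** {len(analyzed_files) - failed} files | **Failed:** {failed} files")
    return "\n".join(lines)


def analyze_pull_request(changed_files, findings):
    """Return (comment, status). (None, None) means nothing is posted, as when a PR
    touches no supported files (the first troubleshooting case)."""
    files = supported_files(changed_files)
    if not files:
        return None, None
    relevant = [f for f in findings if f.path in files]
    return render_comment(relevant, files), commit_status(relevant)


# Constructed sample PR, modelled on the example comment above (not real scan output).
SAMPLE_FILES = ["src/api/users.js", "src/components/UserProfile.js",
                "src/config/database.js", "src/util/format.ts", "README.md"]
SAMPLE_FINDINGS = [
    Finding("SQL Injection", "src/api/users.js", 42, "CRITICAL",
            "User input directly concatenated into SQL query"),
    Finding("XSS Vulnerability", "src/components/UserProfile.js", 15, "HIGH",
            "Unsanitized user input rendered to DOM"),
    Finding("Hardcoded Credentials", "src/config/database.js", 8, "HIGH",
            "API key hardcoded in source code"),
]

if __name__ == "__main__":
    comment, status = analyze_pull_request(SAMPLE_FILES, SAMPLE_FINDINGS)
    print(comment)
    print("commit status:", status)  # README.md is skipped; one CRITICAL finding -> failure
```

Running it prints the comment for the sample PR and the status "failure". Drop the CRITICAL finding and the status becomes "success" even though two HIGH findings remain, which is why a PR with only HIGH findings still shows a green check; a PR that changes only README.md produces no comment and no status at all.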

Troubleshooting

No comment posted on my PR

  • Check that the PR changes at least one supported file (.js, .ts, .py, .java); a PR touching only other file types produces no comment
  • Verify the GitHub App is installed on this repository: open the repository's Settings → GitHub Apps (under Integrations). If the installation uses "Only select repositories", a repository created after installation is not included until you add it under "Configure"
  • Check your team's quota hasn't been exceeded
  • Wait 10-30 seconds and reload the PR - analysis may still be running

How do I uninstall?

Go to your GitHub organization/account Settings → Applications → Installed GitHub Apps → CodeSlick → Uninstall

Can I test it without a real PR?

Yes! Create a draft PR or a PR in a test repository. The app analyzes all PRs, including drafts.

Ready to Automate Security Reviews?

Install the GitHub App and get security analysis on every pull request.

CodeSlick - OWASP 2025 Security Scanner | Detect Vulnerabilities in JavaScript, Python, Java, Go