Plugs into your stack
GitHub App for PR reviews, 5 CI platforms auto-detected, Slack alerts, 5 output formats, and a CLI that rides alongside your AI coding agents.
Source Control
Where your code lives
GitHub App
One-click install. Delivers PR comments and check runs, validates webhooks with HMAC signatures, and supports PR status badges.
CI / CD
Works with your pipelines
GitHub Actions
Auto-detected by pullminder ci. Native ::warning / ::error annotations on PRs.
GitLab CI
Auto-detected. JUnit XML integrates with GitLab test reports.
CircleCI
Auto-detected. Base branch resolved from CIRCLE_* env vars.
Jenkins
Auto-detected. JUnit publisher picks up pullminder ci --junit output.
Bitbucket Pipelines
Auto-detected. Pipelines read Bitbucket env vars for PR context.
Notifications
Tell the right people
Slack
Post risk alerts to a Slack channel via incoming webhooks. Block Kit formatting with plain-text fallback.
Email alerts (coming soon)
Per-user email digests and alerts for high-risk PRs.
Output Formats
Five ways to consume findings
Terminal
Human-readable, color-coded findings (default).
JSON
Machine-readable output via --json.
SARIF v2.1.0
GitHub Code Scanning integration via --sarif.
JUnit XML
Test reporter compatibility via --junit.
GitHub annotations
::warning / ::error workflow commands via --github-annotations.
Developer Tools
Your local loop
CLI
13 commands for offline scanning, CI, rule packs, hooks, registry management, and an LSP server for editors.
Editor LSP server
pullminder lsp starts a stdio Language Server so VS Code, Neovim, Helix, Zed, and other editors surface findings as inline diagnostics.
AI coding agents
Persistent --agent flag returns a versioned JSON envelope (risk score, findings, action_required) tuned for Cursor, Copilot, and Claude Code.
Custom rule registries
Scaffold and publish your own rule packs with pullminder registry init. Point .pullminder.yml at your registry alongside community packs.
Rule Pack Catalog
Community and premium rule sources
Community registry
24 free rule packs covering secrets, language-specific security, infrastructure, PII, crypto, migrations, and license risk.
Premium registry — Team tier
3 Team-tier packs (advanced AI detection, senior-review patterns, adaptive sensitive paths). Auto-syncs on Team plans.
Premium registry — Enterprise tier
7 Enterprise packs including HIPAA, PCI-DSS, SOC2, GDPR compliance detection plus behavioral analytics. Auto-syncs on Enterprise plans.
Enterprise
Compliance and identity
Webhook HMAC validation
Every inbound webhook is cryptographically signed and verified before processing.
Data export
One-click JSON export of personal data from the Account page (Article 20 right to portability).
SSO / SAML (coming soon)
SAML-based single sign-on for enterprise identity providers.
Bring PR verification where you already work
Install the GitHub App in one click, or try the CLI without an account.