How It Works

Infrastructure-grade Verification.

Pullminder analyzes every Pull Request with 25 rule packs and 210+ detection rules, generates AI-powered reviewer briefs, and enforces your merge policies automatically.

01 — INTEGRATION

Connect

Install our GitHub App and select which repositories to monitor. Secure webhook delivery starts in seconds.

  • OAuth 2.0 Secure Handshake
  • Full Monorepo Support

02 — ANALYSIS

Evaluate

Every PR is analyzed by 25 rule packs running concurrently. We score based on diff size, security patterns, test coverage, and more.

  • Multi-Dimensional Risk Scoring
  • 25 Concurrent Rule Packs

03 — COLLABORATION

Guide

Reviewers receive an AI-generated brief — a condensed summary of what changed, what's risky, and where to focus.

  • Automated Review Context
  • Priority Hotspot Mapping

04 — GOVERNANCE

Enforce

Custom merge policies block risky PRs automatically. If a policy check fails, the merge is blocked until resolved.

  • Dynamic Approval Gates
  • Fail-Safe Blocking

End-to-End Flow

How It Works

From pull request to merge decision — every step is automated.

  • PR Opened: GitHub webhook
  • 25 Rule Packs: Concurrent scoring
  • Policy Engine: Pass / Warn / Block
  • AI Brief: Claude-powered
  • Results: Check + Comment + Slack

Total time: 3-6 seconds from PR open to results posted

Rule Packs

Extensible by design

Detection rules are composable YAML packs installed from registries.

  • Language Security: Go, Python, React, Ruby, PHP, Rust, Java, C#, Kotlin, Swift, Shell
  • Compliance: HIPAA, SOC2
  • Quality: Test conventions, review quality
  • Detection: Bot detection, AI-generated code, sensitive paths

  • Community (Free): Included on all plans
  • Premium (Team+): Advanced security & quality
  • Compliance (Enterprise): HIPAA, SOC2, PCI-DSS, GDPR

CLI

Works where developers work

From terminal to CI pipeline — Pullminder catches issues before they reach your PR.

terminal
$ pullminder check # Run rules locally before pushing
$ pullminder init # Scaffold project configuration
$ pullminder ci --sarif # CI-optimized with SARIF output
$ pullminder check --agent # AI-agent JSON (Cursor, Copilot, Claude Code)

AI-Native Loop (Pullminder only)

No competitor ships this. Every command supports --agent for AI-optimized JSON: your coding agent writes code → Pullminder scans → the agent reads structured findings → self-corrects. Available on check, ci, diff, score, brief.

Offline-Capable

The CLI runs analysis locally — no account required for rule packs from the public registry. Ideal for pre-push checks, local policy validation, and offline runs where the cloud isn't reachable.

CI/CD

Works with your CI — out of the box

pullminder ci auto-detects your platform and picks the right output format. No YAML gymnastics required.

Auto-Detected Platforms

  • GitHub Actions
  • GitLab CI
  • CircleCI
  • Jenkins
  • Bitbucket Pipelines

Base branch is resolved automatically from CI environment variables — no --base flag needed in common cases.

Output Formats

  • Terminal — human-readable, color-coded findings (default).
  • JSON via --json — machine-readable output for pipelines.
  • SARIF v2.1.0 via --sarif — GitHub Code Scanning integration.
  • JUnit XML via --junit — compatible with test reporters.
  • GitHub annotations via --github-annotations — native ::warning / ::error on PRs.

Governance

--fail-on <severity>

Set your failure threshold: critical, high, medium, or low. Non-matching findings stay as warnings.

Strict Mode

--strict

Exit code 1 on any finding — useful for blocking merges during rollout.

GitHub Native

--github-annotations

Emit inline PR annotations without touching your workflow YAML.

The Verification Pipeline

Every PR flows through three stages: validation, analysis, and enforcement.

Ingress Sentinel

Every webhook is cryptographically signed and validated before entering the execution environment.
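
GitHub signs each webhook delivery with an HMAC-SHA256 of the raw request body and sends it in the X-Hub-Signature-256 header. The sketch below is an added example of the validation step a receiver performs, not Pullminder's own code; the secret, payload, status codes and function names are constructed for illustration, and header lookup is assumed to be already normalized to this exact casing.

```python
import hashlib
import hmac
import json

PREFIX = "sha256="


def sign(secret: bytes, body: bytes) -> str:
    """Build the header value the sender attaches (X-Hub-Signature-256)."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_github_signature(secret: bytes, body: bytes, header) -> bool:
    """Return True only if header is a valid HMAC-SHA256 of the raw body."""
    if not header or not header.startswith(PREFIX):
        return False  # unsigned delivery or legacy SHA-1 header: reject
    expected = sign(secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), header.encode())


def handle_delivery(secret: bytes, body: bytes, headers: dict):
    """Parse the JSON only after the signature over the raw bytes checks out."""
    sig = headers.get("X-Hub-Signature-256")
    if not verify_github_signature(secret, body, sig):
        return 401, None
    event = json.loads(body)
    return 202, event["action"]


# Constructed sample data (not a real secret or delivery).
SECRET = b"example-webhook-secret"
BODY = b'{"action":"opened","number":42}'
GOOD = {"X-Hub-Signature-256": sign(SECRET, BODY)}

if __name__ == "__main__":
    print(handle_delivery(SECRET, BODY, GOOD))                        # accepted
    print(handle_delivery(SECRET, BODY.replace(b"42", b"43"), GOOD))  # tampered
    print(handle_delivery(SECRET, BODY, {}))                          # unsigned
```

The signature must be computed over the bytes exactly as received; re-serializing parsed JSON before hashing changes whitespace or key order and makes valid deliveries fail.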


25 Rule Packs

  • Secrets Detection
  • Test Gap Analysis
  • Dependency Review
  • Insecure Patterns
  • Sensitive Path Detection
  • Diff Size Analysis
  • File Scope Analysis
  • Config & Permissions Review
  • AI-Generated Code Detection

Plus framework-specific rule packs for additional language and library coverage

Policy Engine

The policy engine evaluates each PR against your configured rules and determines whether to pass, warn, or block the merge.

Dashboard

Reports, baselines, and audit trails

Everything auditors, managers, and compliance officers ask for — in the product, not a slide deck.

PDF Reports

Export Quick or Executive reports straight from the dashboard — with risk trends, repo breakdowns, and top contributors. Share with stakeholders who don't live in GitHub.

Baseline Scanning

Establish a risk baseline across connected repositories, then track drift over time — so you can see whether risk is trending up or down, and where.

Audit Logs

Every policy change, repo toggle, and enforcement action logged with actor, timestamp, and before/after values. Filterable by action, resource, actor, and date.

Data Retention Controls

Configure per-resource retention (analysis results, audit logs, baseline data) from the Settings page. A background worker enforces expiry daily.

GDPR Data Export

One-click JSON export of personal data from the Account page — built-in Article 20 (right to portability) compliance, not a ticket queue.

Guided Onboarding

A three-step wizard takes teams from repository selection through rule packs to Slack alerts, so PR reviews start landing without a configuration detour.

Ready to harden your pipeline?

Try Pullminder free for your first 100 pull requests. Full Team tier access, no credit card required.