# Claude Code Security Review Automated security review feature in [[Claude Code]] that scans codebases for common vulnerabilities and proposes fixes. Two delivery modes: the `/security-review` slash command for on-demand local scans, and the [`anthropics/claude-code-security-review`](https://github.com/anthropics/claude-code-security-review) GitHub Action for automated PR reviews. Available to Pro, Max, and pay-as-you-go API Console users at no additional tier cost beyond the underlying token usage. ## Two modes - **`/security-review` slash command**: runs inside any Claude Code session. Analyzes the current project, surfaces findings, optionally proposes patches. Customize the prompt via `.claude/commands/security-review.md` (see [[Claude Code Custom Commands]]). - **GitHub Action**: triggers automatically on `pull_request` events; analyzes only changed files (diff-aware); posts inline comments on the specific lines that need attention. ## Vulnerability classes covered - Injection: SQL, command, LDAP, XPath, NoSQL, XXE - Cross-site scripting (XSS): reflected, stored, DOM-based - Authentication and authorization: broken auth, privilege escalation, IDOR, session flaws - Cryptographic issues: weak algorithms, key management, insecure RNG - Data exposure: hardcoded secrets, sensitive data logged, PII handling - Input validation: missing sanitization, buffer overflows - Business logic flaws: race conditions, TOCTOU - Configuration: insecure defaults, missing headers, permissive CORS - Supply chain: vulnerable dependencies, typosquatting - Code execution: RCE via deserialization, pickle/eval injection ## False-positive filtering Out of the box, the action excludes categories with high noise-to-signal ratios: denial-of-service, rate limiting, memory/CPU exhaustion, generic input-validation findings without proven impact, and open redirects. The filter is tunable per project via `false-positive-filtering-instructions` (path to a markdown file with extra rules). Organization-specific scan rules go into `custom-security-scan-instructions`. ## GitHub Action setup Minimal `.github/workflows/security.yml`: ```yaml name: Security Review permissions: pull-requests: write contents: read on: pull_request: jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: 2 - uses: anthropics/claude-code-security-review@main with: comment-pr: true claude-api-key: ${{ secrets.CLAUDE_API_KEY }} ``` Notable inputs: - `claude-api-key` (required): must be authorized for both the Claude API and the Claude Code tool - `comment-pr` (default `true`): post findings inline on the PR - `upload-results` (default `true`): upload JSON results as a workflow artifact - `exclude-directories`: comma-separated list to skip - `claude-model` (default `claude-opus-4-1-20250805`) - `claudecode-timeout` (default 20 minutes) - `run-every-commit` (default `false`): skips cache; higher false-positive rate - `false-positive-filtering-instructions`, `custom-security-scan-instructions`: paths to custom rule files Outputs: `findings-count`, `results-file`. ## Security warning The action is **not hardened against [[Prompt injection]] attacks** and should only review trusted PRs. For public repositories, enable GitHub's "Require approval for all external contributors" setting so fork PRs don't auto-trigger the workflow. ## How it differs from siblings - **vs [[Claude Code Review]]**: that's the broader multi-agent code review system for general bugs and code-quality issues, gated to Team/Enterprise plans, billed $15-25 per review. Security Review is narrower (security only), open source, and available on any paid Claude plan. - **vs traditional SAST tools** (Semgrep, Snyk Code, GitHub CodeQL): rule-based scanners produce many false positives and miss context-dependent flaws. Claude-driven review reads the actual code intent, filters by impact, and explains findings in natural language. Treat them as complementary, not substitutes. The official docs are explicit: automated reviews complement, never replace, manual code review and existing security practices. ## References - Support article: https://support.claude.com/en/articles/11932705-automated-security-reviews-in-claude-code - GitHub Action: https://github.com/anthropics/claude-code-security-review ## Related - [[Claude Code]] - [[Claude Code Review]] - [[Claude Code Custom Commands]] - [[GitHub Actions]] - [[Prompt injection]]