Code review & security/audit tools - any recommendations?

Fun :grin: so what’s the process you follow to use it?

Basically just following git and review at the pull request before merging.

1 Like

In CodeRabbit, I simply prompted: @coderabbitai full review

In Replit Plan mode I prompted:
Please perform a comprehensive security and code quality review of the codebase. Analyze the entire project and create a detailed task list for improvements in these areas:

  1. Security Analysis

  2. Code Quality

  3. Architecture Review

  4. Healthcare Compliance

  5. Performance & Scalability

For each issue found, provide:

  • File location and line numbers
  • Severity level (Critical/High/Medium/Low)
  • Specific recommendation
  • Code example of the fix

Create a prioritized task list for addressing these findings.

1 Like

Yes, I have a similar audit prompt I wrote to run in Replit’s plan mode, and am generally happy with the results.

But I am curious whether running CodeRabbit on my app as an alternative to my own audit prompt is worth it.

I have decided CodeRabbit is not what I want for reviewing my Replit apps.

I started playing with it properly today, and it seems it only works off repo pull requests, i.e. it only scans newly changed files.

But I want to take a finished app and say “review the entire codebase”. To achieve this, I would have to create a pull request where I had touched (changed) all files.


My ongoing audit process:

Yet again, the answer is “no external tools needed. Just use Replit for everything”

I will continue with my own auditing prompt that I drop into the agent. And it is free, unlike CodeRabbit’s $24/month :blush:

Personally, I’ve enjoyed it a lot. It did catch some things that Replit did not. I’m running a prompt in Replit, npm audit in Shell (npm installed), then CodeRabbit.ai before merge. I really like how it generates documentation and that you can set how nit-picky it is with the code when bringing up suggestions on changes/security risks. It looks like it has a bit more functionality than that, but I need to take the time to learn it better among the million other things on my to-do list.

1 Like
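The post above runs `npm audit` in the Shell as one step before merge. As an added example (not code from this thread, from Replit, CodeRabbit or npm), here is a small merge gate that reads the `npm audit --json` report, fails the step when any finding is at or above a chosen severity, and lists the triage details a reviewer wants in the PR (direct vs. transitive, whether a fix exists). It assumes the npm 7+ report shape (`auditReportVersion: 2`, a `vulnerabilities` map keyed by package name); the sample report, package names and advisory titles below are constructed for the example.

```python
"""Merge gate over `npm audit --json` output.

Added example for this thread, not code from Replit, CodeRabbit or npm.
Assumes the npm 7+ (auditReportVersion 2) report shape. Typical use in the
project Shell:  npm audit --json | python audit_gate.py
"""
import json
import sys

# Rank used to compare a finding's severity against the gate threshold.
SEVERITY_RANK = {"info": 0, "low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample report shaped like npm's v2 audit JSON (package names,
# advisory title and URL are made up for the example).
SAMPLE_REPORT = {
    "auditReportVersion": 2,
    "vulnerabilities": {
        "example-parser": {
            "name": "example-parser",
            "severity": "high",
            "isDirect": True,
            "via": [{"title": "Prototype pollution (constructed)",
                     "url": "https://example.invalid/advisory"}],
            "range": "<2.0.0",
            "fixAvailable": True,
        },
        "example-logger": {
            "name": "example-logger",
            "severity": "low",
            "isDirect": False,
            # Transitive findings list the package they inherit from, not an advisory.
            "via": ["example-parser"],
            "range": "*",
            "fixAvailable": False,
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 1, "moderate": 0,
                                     "high": 1, "critical": 0, "total": 2}},
}


def blocking_findings(report, threshold="high"):
    """Return findings at or above `threshold`, most severe first."""
    floor = SEVERITY_RANK[threshold]
    worst = max(SEVERITY_RANK.values())
    findings = []
    for name, vuln in report.get("vulnerabilities", {}).items():
        severity = vuln.get("severity", "info")
        # Fail closed: a severity string we do not recognise is treated as critical.
        rank = SEVERITY_RANK.get(severity, worst)
        if rank < floor:
            continue
        # `via` mixes advisory dicts (direct findings) and package-name strings
        # (transitive findings); only the dicts carry a title.
        titles = [v["title"] for v in vuln.get("via", []) if isinstance(v, dict)]
        findings.append({
            "name": name,
            "severity": severity if severity in SEVERITY_RANK else "unknown",
            "rank": rank,
            "direct": bool(vuln.get("isDirect")),
            "range": vuln.get("range", ""),
            # fixAvailable is a bool, or a dict describing the fixing version.
            "fix_available": bool(vuln.get("fixAvailable")),
            "titles": titles,
        })
    findings.sort(key=lambda f: f["rank"], reverse=True)
    return findings


def gate(report, threshold="high"):
    """Return (exit_code, lines): 1 and a triage list if anything blocks, else 0."""
    findings = blocking_findings(report, threshold)
    lines = []
    for f in findings:
        kind = "direct" if f["direct"] else "transitive"
        fix = "fix available" if f["fix_available"] else "no fix yet"
        detail = "; ".join(f["titles"]) or "inherited from a vulnerable dependency"
        lines.append(f"[{f['severity']}] {f['name']} ({kind}, {f['range']}, {fix}): {detail}")
    counts = report.get("metadata", {}).get("vulnerabilities", {})
    lines.append(f"total findings reported by npm: {counts.get('total', 'n/a')}; "
                 f"blocking at >= {threshold}: {len(findings)}")
    return (1 if findings else 0), lines


if __name__ == "__main__":
    # Read the real report from stdin when piped; fall back to the sample otherwise.
    data = SAMPLE_REPORT if sys.stdin.isatty() else json.load(sys.stdin)
    code, output = gate(data, sys.argv[1] if len(sys.argv) > 1 else "high")
    print("\n".join(output))
    sys.exit(code)
```

`npm audit --audit-level=high` already gives the pass/fail exit status on its own; the script's purpose is the triage line per finding, so a reviewer can see at a glance whether a blocking item is a direct dependency with a fix (bump it) or a transitive one with no fix yet (needs an explicit decision on the PR). Because `npm audit --json` itself exits non-zero when it finds anything, run the pipe with `set -o pipefail` only if you want npm's status rather than the gate's.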

I think, like @rajharrykissoon said, there is a way to prompt a full review.

I do remember in the initial review there is a token limit, so if it’s a large app it might not be the right fit.

I’m thankful for it though because it caught a big vulnerability that npm/replit did not (and it had been there for a while).

1 Like