When a pull request (GitHub) or merge request (GitLab) is opened or updated, Gecko runs a PR scan: a single agent reads the whole diff and classifies each finding as new, persisting, or fixed. PR scans reuse the latest wiki, so they’re fast.

What you get on a PR

Check run result

Gecko posts a pass/fail check back to GitHub or GitLab so reviewers see the security status inline.

Review summary

A security-focused summary of the changed files that matter, explained in the context of your application’s architecture.

New vs. existing

Findings introduced by the PR are separated from pre-existing ones, so reviewers focus on what the change adds.

Inline fixes

Gecko can commit a fix directly to the PR branch. See Auto-fix PRs.

Configure PR behavior

Go to Settings > Pull Requests to control:
  • Trigger: whether PR/MR scans run automatically.
  • Fail-on severity: the severity threshold that fails the check (for example, fail on High and above).
  • Review summary: whether Gecko posts the summary comment.
  • Auto-fix: whether Gecko offers or commits fixes on PRs.
  • Fix branch prefix: the branch prefix for fix PRs (default gecko/).
Start with the check in non-blocking mode while your team gets used to the signal, then tighten the fail-on severity threshold once the findings are trusted.
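The new/persisting/fixed split described above and the fail-on severity gate can be modelled as a diff of two finding sets. The block below is an added illustration, not Gecko's own code: it assumes a finding is identified by (rule, path, severity), a Low < Medium < High < Critical ordering, and that only findings introduced by the PR count toward the pass/fail check.

```python
from dataclasses import dataclass

# Assumed severity ordering for "fail on X and above".
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}


@dataclass(frozen=True)
class Finding:
    rule: str       # e.g. "sqli", "hardcoded-secret"
    path: str       # file the finding lives in
    severity: str   # key of SEVERITY_RANK


def classify(baseline: set, pr: set) -> dict:
    """Compare the PR scan against the baseline scan of the target branch.
    new: only in the PR scan; persisting: in both; fixed: only in baseline."""
    return {
        "new": pr - baseline,
        "persisting": pr & baseline,
        "fixed": baseline - pr,
    }


def check_result(classified: dict, fail_on: str, new_only: bool = True) -> str:
    """Return 'fail' if any counted finding meets the fail-on threshold, else 'pass'.
    new_only=True (assumed policy) means pre-existing findings cannot fail the check."""
    threshold = SEVERITY_RANK[fail_on]
    counted = classified["new"]
    if not new_only:
        counted = counted | classified["persisting"]
    return "fail" if any(SEVERITY_RANK[f.severity] >= threshold for f in counted) else "pass"


# Constructed sample data: previous scan of the target branch vs. scan of the PR head.
BASELINE = {
    Finding("hardcoded-secret", "config/settings.py", "High"),
    Finding("weak-hash", "auth/legacy.py", "Medium"),
}
PR_SCAN = {
    Finding("hardcoded-secret", "config/settings.py", "High"),  # untouched by the PR
    Finding("sqli", "api/search.py", "Critical"),               # introduced by the PR
}

if __name__ == "__main__":
    result = classify(BASELINE, PR_SCAN)
    for bucket, findings in result.items():
        print(bucket, sorted(f"{f.severity}:{f.rule}@{f.path}" for f in findings))
    print("check:", check_result(result, fail_on="High"))  # fails on the new Critical finding
```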

Prerequisites

PR checks require a connected provider and a webhook with pull/merge request events enabled.