This project is an automated AI-driven CI/CD pipeline that transforms code reviews into a seamless serverless workflow. By integrating GitHub Actions with AWS Lambda and Amazon Bedrock, it performs deep architectural audits for every Pull Request. It generates professional PDF reports via the FPDF library, archives them in Amazon S3, and posts results directly back to GitHub. This ensures secure, scalable, and context-aware code analysis using Claude 3.5 Sonnet.
In modern DevSecOps workflows, manual code reviews can be a bottleneck. This project solves that by automating the initial pass of code review using AI.
Whenever a developer pushes code or opens a Pull Request (PR), the system automatically:
- Captures the Diff: GitHub Actions extracts the changes.
- Analyzes with AI: A secured AWS Lambda function invokes Amazon Bedrock to review the code against security, performance, and quality standards.
- Generates a Report: A comprehensive PDF report is generated and stored in S3.
- Notifies the Developer: The PR is commented on with a direct link to the review report.
This ensures that every line of code is reviewed for OWASP Top 10 vulnerabilities, clean code principles, and optimization opportunities before it even reaches a human reviewer.
The system is built on a fully serverless, event-driven architecture ensuring scalability and low maintenance.
- GitHub Actions: Orchestrates the CI/CD workflow, capturing git diffs and triggering the analysis.
- AWS Lambda: The compute engine that processes the diff and interacts with the AI model.
- Amazon Bedrock: The generative AI engine (using Claude or Titan models) providing deep code analysis.
- Amazon S3: Secure storage for the generated PDF reports.
- AWS IAM: Granular permission management to ensure least-privilege access between services.
The core intelligence lies in how the AI model processes context. We don't just send raw code; we send a structured prompt combining System Persona (Senior Security Engineer) and User Context (Git Diff).
The AI evaluates:
- Security: Hardcoded credentials, injection risks, insecure dependencies.
- Performance: O(n^2) loops, memory leaks, inefficient queries.
- Maintainability: SOLID principles, function complexity, naming conventions.
This image illustrates the CI/CD pipeline in motion. The GitHub Actions workflow, "stable AI code review workflow," has executed successfully. It tracks every step from checking out the repository and configuring AWS credentials to invoking the Lambda function and extracting the final PDF URL. It serves as proof of a robust, automated integration between GitHub and AWS.
This screenshot captures the Amazon S3 console, showing the reports/ directory within your dedicated bucket. It lists the generated PDF code review artifacts, each tagged with a unique identifier. This highlights the project’s ability to store historical audits securely, ensuring that every code review is archived as a persistent, downloadable resource for the development team. Within seconds, the AI posts a comment on your PR with a secure link to the detailed report.
The final piece of the puzzle: a GitHub Pull Request showing a successful automated check. The "AI Code Review" job is marked with a green checkmark, indicating that the code has been audited and the report is ready. This demonstrates how the tool provides immediate feedback within the developer's native workflow, helping catch security flaws and logical errors before any code is merged.
- Cloud Provider: AWS (Lambda, S3, IAM, Bedrock)
- CI/CD: GitHub Actions
- AI Model: Amazon Bedrock (Claude 3 / Titan)
- Language: Python (Boto3, PDF generation)
- Infrastructure: Serverless
- AWS Account with Bedrock access enabled.
- GitHub Repository.
- Clone the Repo
git clone https://github.com/your-username/ai-code-reviewer.git
- Deploy AWS Infrastructure
- Create S3 Bucket.
- Deploy Lambda Function (upload code from
src/). - Configure IAM Roles.
- Configure GitHub Secrets
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_REGIONS3_BUCKET_NAME
This project demonstrates the power of combining cloud-native serverless infrastructure with modern AI capabilities to enhance developer's productivity.