Vanilla Sky Scanner
Version updated for https://github.com/Yemresalcan/Check-Exploit to version v1.
Release notes
Short Description: Check-Exploit is a powerful GitHub Action designed to automatically scan your Pull Requests for security vulnerabilities before they merge. Leveraging a hybrid approach of static code analysis with intelligent AI capabilities (Google Gemini), it provides actionable insights and helps maintain a secure codebase.
Long Description / Features:
Check-Exploit: Your AI-Powered PR Security Guardian
In today’s fast-paced development cycles, integrating security early is paramount. Check-Exploit brings robust static application security testing (SAST) directly into your GitHub Pull Request workflow, ensuring that security flaws are caught and remediated before they ever reach your main branch.
Key Features:
- Automated PR Scanning: Automatically triggers on every Pull Request (opened or synchronized), providing immediate feedback to developers and reviewers.
- Hybrid Analysis Engine: Combines the speed and precision of rule-based (regex) pattern matching for common, critical vulnerabilities with the deep understanding of Google Gemini AI for complex, contextual security flaws.
- Definitive Vulnerability Identification: For issues detected via static rules, it provides specific CWE (Common Weakness Enumeration, https://cwe.mitre.org/) IDs, along with severity, detailed messages, and direct links to the official CWE documentation.
- AI-Powered Deep Scan (Optional): When a gemini-api-key is provided, the bot sends code snippets to Google Gemini, enabling it to identify more subtle and context-dependent vulnerabilities that static rules might miss. Gemini returns findings in a structured JSON format, including CWE IDs where applicable.
- Actionable Remediation Suggestions: Each detected vulnerability comes with clear, concise suggestions on how to fix the issue, guiding developers towards secure coding practices.
- PR Commenting: All findings are posted directly as comments on the Pull Request, making security reviews an integral part of the development discussion.
- Configurable AI Model: Choose your preferred Google Gemini model (e.g., gemini-1.5-flash, gemini-1.5-pro) for AI analysis.
- Secure by Design: Leverages GitHub’s built-in GITHUB_TOKEN for secure API interactions and uses repository secrets for sensitive API keys (e.g., GEMINI_API_KEY).
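The hybrid engine described in the features above, as an added illustration that is not the action's own code: a small rule-based pass over a PR diff that tags each hit with a CWE ID, severity, message, fix hint and CWE link, then folds in a structured-JSON AI pass the way the listing describes. The rule set, the sample diff and the AI response are all constructed for this example.

```python
import json
import re
CWE_URL = "https://cwe.mitre.org/data/definitions/{}.html"

# Illustrative static rules (not the action's real rule set): CWE ID, severity, message, fix, regex.
STATIC_RULES = [
    (798, "HIGH", "Credential appears to be hardcoded", "Read it from a secrets manager",
     re.compile(r"""(?i)(password|api[_-]?key|secret)\s*=\s*['"][^'"]{8,}['"]""")),
    (89, "HIGH", "SQL statement built by string concatenation", "Use a parameterised query",
     re.compile(r"""(?i)\b(select|insert|update|delete)\b.*['"]\s*\+\s*\w+""")),
]

def added_lines(diff):
    """Yield (new-side line number, text) for lines a unified diff adds; only new code is scanned."""
    line_no = 0
    for raw in diff.splitlines():
        if raw.startswith("@@"):                        # "@@ -a,b +c,d @@": new side starts at c
            line_no = int(re.search(r"\+(\d+)", raw).group(1)) - 1
        elif not raw.startswith(("+++ ", "-", "\\")):   # skip file headers, removed lines, markers
            line_no += 1                                # context and added lines advance the new side
            if raw.startswith("+"):
                yield line_no, raw[1:]

def static_scan(diff):
    """Rule-based pass: regex rules over added lines, each hit annotated with its CWE link."""
    return [{"line": n, "cwe": cwe, "severity": sev, "message": msg, "fix": fix,
             "url": CWE_URL.format(cwe), "source": "static"}
            for n, text in added_lines(diff)
            for cwe, sev, msg, fix, pat in STATIC_RULES if pat.search(text)]

def merge_findings(static, ai_json):
    """Fold AI findings (structured JSON with CWE IDs) into static results; same line+CWE is a duplicate."""
    by_key = {(f["line"], f["cwe"]): f for f in static}
    for f in json.loads(ai_json):
        by_key.setdefault((f["line"], f["cwe"]), {**f, "url": CWE_URL.format(f["cwe"]), "source": "ai"})
    return sorted(by_key.values(), key=lambda f: f["line"])

# Constructed sample PR diff and constructed AI response (neither is real tool output).
SAMPLE_DIFF = """\
@@ -10,3 +10,5 @@ def login(db, user):
     cur = db.cursor()
-    query = build(user)
+    API_KEY = "sk-constructed-example-0001"
+    query = "SELECT * FROM users WHERE name = '" + user + "'"
+    cur.execute(query)
     return cur.fetchone()
"""
SAMPLE_AI_JSON = json.dumps([
    {"line": 12, "cwe": 89, "severity": "HIGH", "message": "user flows into SQL", "fix": "parameterise"},
    {"line": 13, "cwe": 20, "severity": "LOW", "message": "user is never validated", "fix": "validate it"}])
```

Running `merge_findings(static_scan(SAMPLE_DIFF), SAMPLE_AI_JSON)` yields three findings: the two static hits (lines 11 and 12) and the one AI finding that is not already covered by a rule (line 13); the AI's duplicate CWE-89 report on line 12 is dropped.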
Why Check-Exploit? Avoid costly security breaches and maintain compliance by shifting security left in your development lifecycle. Check-Exploit acts as an intelligent security peer reviewer, empowering your teams to build more secure software from the ground up with confidence and efficiency.