Claude Code can now automatically review your code for security vulnerabilities

Yesterday, Anthropic officially introduced automated security reviews in Claude Code. This includes two new features: a GitHub Actions integration and a new /security-review command, which you can use to identify security concerns and then have Claude fix them.
Automated Security Review in Claude Code
Review the code for vulnerabilities
The new /security-review command lets you run ad-hoc security analyses from your terminal before committing code. Developers can run the command in Claude Code, and Claude will search your codebase for potential vulnerabilities and provide detailed explanations of any issues found. The command checks for common vulnerability patterns, including:
- SQL injection risks
- Cross-site scripting (XSS) vulnerabilities
- Authentication and authorization flaws
- Insecure data handling
- Dependency vulnerabilities
You can also ask Claude Code to implement fixes for each issue after they’re identified.
Automate security reviews for new pull requests
The new GitHub action for Claude Code takes security reviews a step further by automatically analyzing every pull request when it’s opened. When configured, the action:
- Triggers automatically on new pull requests
- Reviews code changes for security vulnerabilities
- Applies customizable rules to filter out false positives and known issues
- Posts comments inline on the PR with any concerns found, including recommendations for fixes
The action integrates with your existing CI/CD pipeline and can be customized to match your team’s security policies.
Availability
Both features are available now for all Claude Code users. To start using automated security reviews:
- For the /security-review command: Simply update Claude Code to the latest version and run /security-review in your project directory.
- For the GitHub action: See the documentation for step-by-step installation and configuration instructions.