YangYang-Research/yang-code-review
Yang Code Review (YCR)

Yang Code Review (YCR) is an AI agent that helps you review code changes in your GitHub repositories.


📝 Yang Code Review Standard

YCR reviews code changes against the OWASP Secure Code Review Checklist and provides a detailed report of its findings.

| OWASP Secure Code Review Checklist | Description |
|---|---|
| 1. Authentication & Session Management | Ensure that authentication and session management are secure. |
| 2. Authorization & Access Control | Ensure that authorization and access control are secure. |
| 3. Input Validation & Sanitization | Ensure that input validation and sanitization are secure. |
| 4. Injection Prevention | Ensure that injection prevention is secure. |
| 5. Cryptography & Data Protection | Ensure that cryptography and data protection are secure. |
| 6. Error Handling & Logging | Ensure that error handling and logging are secure. |
| 7. Cross-Site Scripting (XSS) Prevention | Ensure that cross-site scripting (XSS) prevention is secure. |
| 8. Security Headers | Ensure that security headers are secure. |
| 9. Dependency Management | Ensure that dependency management is secure. |
| 10. Configuration Security | Ensure that configuration is secure. |
| 11. API Security | Ensure that the API is secure. |
| 12. File & Resource Management | Ensure that file and resource management are secure. |
| 13. Deserialization Security | Ensure that deserialization is secure. |
| 14. Business Logic Security | Ensure that business logic is secure. |
| 15. Monitoring & Incident Response | Ensure that monitoring and incident response are secure. |

💰 Free Trial

| Account Type | Client ID | Client Secret | Quota | Input Limit | Output Limit |
|---|---|---|---|---|---|
| Free Trial | zekX2UMXId | 1/P5uT4+S`0-\19/o62m | 25 requests per day | 512 tokens | 4096 tokens |

Note: The quota is reset at 00:00 UTC every day.

🤖 Models Supported

| Model Name | Description |
|---|---|
| anthropic_claude_sonet_4_5 | Claude Sonnet 4.5 |
| gpt_oss_120b | GPT-OSS 120B |
| llama_4_scout_17b_instruct | Llama 4 Scout 17B Instruct |

🤖 Agents Supported

| Agent Name | Description |
|---|---|
| yang-code-review | YangYang Code Review |

🔐 Required Secrets

  • CLIENT_ID – Client ID for authentication with the YangYang API service
  • CLIENT_SECRET – Client secret for authentication with the YangYang API service
  • GITHUB_TOKEN – GitHub token for PR comments

⚙️ Inputs

| Name | Required | Description |
|---|---|---|
| CLIENT_ID | yes | Client ID for authentication with the YangYang API service |
| CLIENT_SECRET | yes | Client secret for authentication with the YangYang API service |
| AGENT_NAME | yes | Name of the agent to use for code review |
| MODEL_NAME | yes | Name of the model to use for code review |
| MODEL_TEMPERATURE | yes | Temperature for the model |
| GITHUB_TOKEN | yes | GitHub token for PR comments |

🚀 Usage Example

```yaml
name: YangYang Code Review (YCR)

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  code-review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: yang-code-review
        uses: YangYang-Research/yang-code-review@v1.0.11
        with:
          CLIENT_ID: ${{ secrets.YANG_CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.YANG_CLIENT_SECRET }}
          AGENT_NAME: 'yang-code-review'
          MODEL_NAME: 'anthropic_claude_sonet_4_5'
          MODEL_TEMPERATURE: 0.7
          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
```
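A least-privilege variant of the workflow above, added here as an example and not taken from the project's own documentation. It assumes the action only needs to read the checkout and post comments on the pull request, so it runs on `pull_request` only (a `push` to main has no PR thread to comment on), scopes the job token with a `permissions` block, and uses the run's own `GITHUB_TOKEN` in place of a long-lived personal access token; the inputs and secret names are carried over from the example above.

```yaml
name: YangYang Code Review (YCR) - least privilege

# Review pull requests only; a push to main has no PR to comment on.
on:
  pull_request:
    branches: [ main ]

# Start from no permissions; each job asks for exactly what it needs.
permissions: {}

jobs:
  code-review:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # actions/checkout needs to read the tree
      pull-requests: write    # needed to post the review comment (assumption)
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: yang-code-review
        uses: YangYang-Research/yang-code-review@v1.0.11
        with:
          CLIENT_ID: ${{ secrets.YANG_CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.YANG_CLIENT_SECRET }}
          AGENT_NAME: 'yang-code-review'
          MODEL_NAME: 'anthropic_claude_sonet_4_5'
          MODEL_TEMPERATURE: 0.7
          # Job-scoped token that expires with the run, instead of a PAT.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

If the action turns out to need more than PR comments, keep the PAT but store it as a repository secret with the narrowest scopes that work. Pinning `uses:` to a full commit SHA rather than the `v1.0.11` tag further limits what a moved tag could pull in; the SHA is not given on this page, so the tag is kept here.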

Report Template

```markdown
# Yang Code Review (YCR) Report

**Summary:**
- Total vulnerabilities found: [count]
- Critical: [count]
- High: [count]
- Medium: [count]
- Low: [count]
- Info: [count]

**Detailed Findings:**

[SEVERITY] [Vulnerability Type]
Location: [file:line]
Description: [detailed explanation]
Impact: [potential security impact]
Recommendation: [specific remediation steps]
Code Example: [if applicable]

## OWASP Secure Code Review Checklist

[Detail OWASP Secure Code Review Checklist](https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/)

### Report Generated by Yang Code Review (YCR) - YangYang Organization
```

🛡 Security

  • CLIENT_ID, CLIENT_SECRET and GITHUB_TOKEN are masked automatically in GitHub Actions logs

🏷 Marketplace

This action is marketplace-ready:

  • Bundled with @vercel/ncc
  • Branded icon & color
  • Semantic versioning recommended (v1, v1.1.0)

🏗 Build (Required) - For Developers

This action uses @vercel/ncc to bundle all dependencies into a single file.

```bash
npm install
npm run build
```

This generates dist/index.js, which must be committed.

📝 License

This project is licensed under the MIT License - see the LICENSE.md file for details.

🤝 Contributing

Contributions are welcome! Please feel free to submit a pull request.