Kusari Inspector Instant security review where developers already work

Secure every change before it ships.

Kusari Inspector reviews every pull request — code and dependencies, several layers deep — and tells developers what's safe to merge, right in the tools they already use. You set the guardrails; they avoid the rework.

Trusted by developers and security teams.
Always private — your code stays in your repos, never stored. Verified, not guessed — trusted security tools and your code as context cut the noise.
Up and running in a few clicks

Fast and easy: 15-second install.

No agents, no config, no pipeline surgery. Install the GitHub App and Inspector starts reviewing pull requests right away.

1

Install the GitHub App

Add the official Kusari Inspector app from the GitHub Marketplace.

Install the app
2

Select repositories

Choose the repositories you want Inspector to watch over.

3

Ship with confidence

Inspector reviews every pull request automatically — no further setup.

Read the integration docs
▸ Built for the AI-coding era

Guardrails for code written at AI speed.

Coding agents ship working software fast — but not necessarily secure software. Agents pull in dependencies nobody vetted. Inspector reviews every change the same way, whether a human or an agent wrote it, plus the dependencies that come along for the ride.

  • Every change, every author. Human commits and AI-generated diffs get the same security review before they merge — no change skips the line.
  • You set the guardrails once. Define what's allowed; Inspector enforces it consistently in every pull request. No policing, no bottleneck — guardrails, not roadblocks.
  • Extend left, don't dump left. Security spans the whole lifecycle. Inspector brings the answer to the developer instead of making them the sole owner of it.
PR #487 · agent: add retry helper
ai/retry-helper → main
Kusari Inspector · Blocked
AI-generated change
Code analysis: clean
no secrets, injection, or insecure patterns introduced
New dependency — typosquat
agent added retry-axios-helper · 4 days old · 1 publish
Known-good package is retry-axios · policy: block unvetted packages
Recommendation
-  "retry-axios-helper": "^1.0.0"

+  "retry-axios": "^3.0.0"
2 checks · 1 blocking · 5.4s ▸ kusari/inspector
See it in action

Watch issues get caught before they're merged.

Take a self-guided tour through a PR review — transitive dependency intelligence, fix-in-context, and safe-to-merge signals, exactly as your developers see them.

What it catches

Find the risks over-worked reviewers miss.

Inspector runs dependency and code analysis on every pull request, highlighting issues in transitive dependencies that reviewers don't have time to investigate. One review, the whole blast radius.

Transitive vulnerabilities

Several layers deep, through the full dependency graph — not just the dependencies you added directly.

Leaked secrets & credentials

API keys, tokens, and credentials caught before they land in your git history.

Malicious & typosquatted packages

Dependency-confusion, typosquats, and known-malicious packages — including ones an AI agent suggested.

License & compliance risk

Risky and policy-violating licenses flagged before they ship in your product.

EOL & deprecated dependencies

Unmaintained and end-of-life components that won't get a security patch when one is needed.

Insecure CI/CD workflows

Misconfigured GitHub Actions and over-privileged pipeline permissions.

Common code weaknesses

SQL injection and similar flaws — verified against how the code is actually used, not just pattern-matched.

AI-generated code risk

Risky patterns and unsafe shortcuts in agent- and LLM-written changes.

▸ How it works

Facts, not vibes.

Most AI review tools just feed your code to a model and forward whatever it says — hallucinations and all. Inspector orchestrates the established security tools you already trust, then verifies every finding against your code to eliminate noise.

  • Real tools, not raw output. Vetted analyzers do the detection; the AI does the reasoning.
  • Context cuts the noise. A finding in a test fixture isn't the same as one in a request handler — Inspector knows the difference.
  • Answers in seconds. A clear go/no-go and the fix, posted as a PR comment you can reply to.
  • Fix it once and fix it right. Inspector scores the whole tree and hands back the fix that actually clears the finding — not just the next alert in the chain.
Stage 01
Analyze
Inspector picks the right established security tools for each language and runs them across the changed code and the full dependency graph.
Stage 02
Verify in context
It reads your code to confirm each finding is real and reachable — is that SQL injection in a test or a live handler? — and discards the false positives.
Stage 03
Recommend
You get a go/no-go call with the specific fix in context — right in the pull request, where you can ask follow-up questions.
Built to interoperate

Works where your developers are.

No rip-and-replace. Inspector speaks 10+ languages and ecosystems and runs wherever your code lives — the GitHub App, CI/CD, the CLI, your IDE, and coding agents. One consistent security check across a polyglot org.

GitHub App

Native pull request reviews with go/no-go comments. Install on your repos in 15 seconds.

Setup guide

GitHub Action

Drop the Inspector action into any GitHub Actions workflow to gate merges on security.

Setup guide

GitLab

Merge request analysis inside the code review your team already does.

Setup guide

CI/CD pipelines

Ready-made pipeline templates to add Inspector to your builds and gate on every change.

CI templates

Kusari CLI

Run the same analysis locally before you ever open a pull request.

Setup guide

Coding agent integration

Feedback inside your editor and in the agents writing alongside you.

View integrations
Supported languages & ecosystems
Go Node.js Python Java Rust Ruby .NET Maven Terraform OpenTofu + more
Get started

Secure your next PR in minutes.

Free to install, no sales call required. Add Inspector to your repos and get a security review on your very next pull request.