Transitive vulnerabilities
Several layers deep, through the full dependency graph — not just the dependencies you added directly.
Kusari Inspector reviews every pull request — code and dependencies, several layers deep — and tells developers what's safe to merge, right in the tools they already use. You set the guardrails; they avoid the rework.
No agents, no config, no pipeline surgery. Install the GitHub App and Inspector starts reviewing pull requests right away.
Add the official Kusari Inspector app from the GitHub Marketplace.
Install the app →Choose the repositories you want Inspector to watch over.
Inspector reviews every pull request automatically — no further setup.
Coding agents ship working software fast — but not necessarily secure software. Agents pull in dependencies nobody vetted. Inspector reviews every change the same way, whether a human or an agent wrote it, plus the dependencies that come along for the ride.
Take a self-guided tour through a PR review — transitive dependency intelligence, fix-in-context, and safe-to-merge signals, exactly as your developers see them.
Inspector runs dependency and code analysis on every pull request, highlighting issues in transitive dependencies that reviewers don't have time to investigate. One review, the whole blast radius.
Several layers deep, through the full dependency graph — not just the dependencies you added directly.
API keys, tokens, and credentials caught before they land in your git history.
Dependency-confusion, typosquats, and known-malicious packages — including ones an AI agent suggested.
Risky and policy-violating licenses flagged before they ship in your product.
Unmaintained and end-of-life components that won't get a security patch when one is needed.
Misconfigured GitHub Actions and over-privileged pipeline permissions.
SQL injection and similar flaws — verified against how the code is actually used, not just pattern-matched.
Risky patterns and unsafe shortcuts in agent- and LLM-written changes.
Most AI review tools just feed your code to a model and forward whatever it says — hallucinations and all. Inspector orchestrates the established security tools you already trust, then verifies every finding against your code to eliminate noise.
No rip-and-replace. Inspector speaks 10+ languages and ecosystems and runs wherever your code lives — the GitHub App, CI/CD, the CLI, your IDE, and coding agents. One consistent security check across a polyglot org.
Native pull request reviews with go/no-go comments. Install on your repos in 15 seconds.
Setup guide →Drop the Inspector action into any GitHub Actions workflow to gate merges on security.
Setup guide →Merge request analysis inside the code review your team already does.
Setup guide →Ready-made pipeline templates to add Inspector to your builds and gate on every change.
CI templates →Run the same analysis locally before you ever open a pull request.
Setup guide →Feedback inside your editor and in the agents writing alongside you.
View integrations →Give your AI coding agents a security check they can call on demand.
View integrations →Free to install, no sales call required. Add Inspector to your repos and get a security review on your very next pull request.