When you open a pull request on any connected repository, Rover automatically scans the code for issues the PR has introduced, either within the changed code itself or as an impact on the wider codebase. Any issues raised are posted as comments on the code.

Each alert consists of:

  • Summary of the issue
  • More detailed description
  • Severity, one of nit, low, medium, high, critical
  • (optionally) File and code lines to which the alert relates
  • (optionally) A prose or code fix
    • Code fixes are sent to GitHub as code suggestions, so you can approve them to be committed in a click

Rover prioritises alerts that can have an impact on the availability and performance of your system, such as performance degradations, bugs and errors in business logic, security risks, and compliance risks.

Rover does not typically call out stylistic or other minor coding issues unless they might interfere with your team's understanding of the code. For example, a function getGitLabToken which implements logic for GitHub would probably see an alert raised, but getGitHuubToken might not.

How Rover Runs Alert Scans

When Rover runs a scan, it indexes the code branch to build up a map of functions and other code snippets, and the connections between them, to form a graph of your services. An LLM is then given access to various tools to plan and query potential risks in your code, such as navigating the graph and reviewing source code.
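To make the indexing step concrete, the following is an added illustration (not Rover's code; Rover's internals are not published on this page) of what "a map of functions and the connections between them" looks like in practice. It parses a constructed two-file Python "branch", builds a caller-to-callee graph with the standard ast module, and then walks the graph backwards to find every function whose behaviour depends on a changed function, which is the kind of wider-codebase impact an alert scan reasons about. Name resolution is by bare function name only; that simplification is an assumption of the example.

```python
import ast
from collections import defaultdict

# Constructed sample "repository" standing in for the files on a branch.
# Not real project code; the contents exist only to give the indexer input.
SAMPLE_FILES = {
    "src/auth.py": '''
def get_github_token(user):
    return lookup_secret(user, "github")

def lookup_secret(user, provider):
    return SECRETS[user][provider]
''',
    "src/api/upload.py": '''
from auth import get_github_token

def handle_upload(user, blob):
    token = get_github_token(user)
    return push(token, blob)

def push(token, blob):
    return len(blob)

def unused_helper():
    return 0
''',
}


def build_call_graph(files):
    """Index every file: record where each function is defined and which
    functions it calls. Edges are resolved by bare name (an assumption of
    this example; a real indexer would resolve imports), and calls to
    names not defined in the indexed files (e.g. len) are dropped."""
    defined = {}                 # function name -> file path
    edges = defaultdict(set)     # caller name -> {callee names}
    for path, src in files.items():
        tree = ast.parse(src)
        for node in ast.walk(tree):
            if not isinstance(node, ast.FunctionDef):
                continue
            defined[node.name] = path
            for sub in ast.walk(node):
                if isinstance(sub, ast.Call) and isinstance(sub.func, ast.Name):
                    edges[node.name].add(sub.func.id)
    graph = {fn: {c for c in edges[fn] if c in defined} for fn in defined}
    return defined, graph


def reverse_graph(graph):
    """Invert caller->callee edges into callee->callers."""
    rev = defaultdict(set)
    for caller, callees in graph.items():
        for callee in callees:
            rev[callee].add(caller)
    return rev


def impacted_by(graph, changed):
    """Transitive callers of the changed functions: the code that a scan
    should re-examine because a change in `changed` can alter its behaviour."""
    rev = reverse_graph(graph)
    seen, stack = set(), list(changed)
    while stack:
        fn = stack.pop()
        for caller in rev.get(fn, ()):
            if caller not in seen:
                seen.add(caller)
                stack.append(caller)
    return seen


def unreferenced(graph):
    """Functions nothing in the indexed files calls; dead code candidates."""
    called = set().union(*graph.values()) if graph else set()
    return {fn for fn in graph if fn not in called}


if __name__ == "__main__":
    defined, graph = build_call_graph(SAMPLE_FILES)
    for fn, callees in sorted(graph.items()):
        print(f"{defined[fn]}:{fn} -> {sorted(callees)}")
    print("impacted by lookup_secret:", sorted(impacted_by(graph, {"lookup_secret"})))
    print("unreferenced:", sorted(unreferenced(graph)))
```

A change to lookup_secret in src/auth.py is reported as impacting get_github_token and, through it, handle_upload in a different file, which is the cross-file reach the page describes; a query tool given to a reviewing model can answer the same question for any function name.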

Rereviews

If you’ve pushed more code to the branch and want Rover to take another pass at the PR, simply comment @rover review in a PR comment (not a thread). Rover will run another alert scan on the PR, notifying you of any new issues you might have introduced and automatically closing issues you’ve since resolved.

FAQ

How do I turn it off/on?

Go to the Rover platform > your org > repositories. Each repository card will have a “pull requests” toggle, indicating whether pull requests will be scanned.

Does Rover learn the quirks of my codebase?

Yes! There is an automated fact-finding process when you connect your codebase, which will identify logical groups of code and identify their purposes, but you can also tell Rover information about your code to generate better results.

To do so, head to your repository settings and go to learnings. Simply write a short sentence for each fact about your codebase. Useful learnings include the names and purposes of services, patterns you employ, how the code is deployed, information about your userbase.

How do I give feedback?

Coming Soon

There are a number of improvements we’re planning on making to alert scans, some of which we’ve outlined below.

If any of these (or something not listed) would be a killer feature for your team, get in touch so we can best prioritise the roadmap.

Custom Alert scans

We are working on giving you the ability to run custom alert scans that trigger on PRs, based on some metadata of the PR. For example, in response to previous issues you’ve had, you could set “Focus on security issues relating to handling of file uploads” to run on PRs which change code in your src/api/fileUploads.ts file.

Chat with alerts

Soon you’ll be able to respond to Rover in the PR to learn more about the alerts that have been raised, or to ask about the code more generally.

Tracking alerts across branches

Sometimes we look at alerts and think it’s not a now problem. The question is, how do you track that alert to know when it does become a now problem? Currently, Rover PR alerts live only on that branch - we don’t track across merges.