Code Alerts
Scan your code for potential issues
When you open a pull request on any connected repository, Rover automatically scans the code for issues it has introduced, either within the PR itself or through its impact on the wider codebase. Any issues that are raised are commented on in the code.
Each alert consists of:
- Summary of the issue
- More detailed description
- A severity, one of nit, low, medium, high, critical
- (optionally) file and code lines to which the alert relates
- (optionally) a prose or code fix
  - Code fixes are sent to GitHub as code suggestions, so you can approve them to be committed in a click
Rover prioritises identifying alerts that can have an impact on the availability and performance of your system, such as performance degradations, bugs and errors in business logic, security risks, and compliance risks.
Rover does not typically call out stylistic or other minor coding issues unless they might interfere with your team's understanding of the code. For example, a function getGitLabToken which implements logic for GitHub would probably see an alert raised, but getGitHuubToken might not.
How Rover Runs Alert Scans
When Rover runs a scan, it indexes the code branch to build up a map of functions and other code snippets, and the connections between them, to form a graph of your services. An LLM is then given access to various tools to plan and query potential risks in your code, such as navigating the graph and reviewing source code.
Rereviews
If you’ve pushed more code to the branch and want Rover to take another pass at the PR, simply comment @rover review in a PR comment (not a thread). Rover will run another alert scan on the PR, notifying you of any new issues you might have introduced, and automatically closing issues you’ve since resolved.
FAQ
How do I turn it off/on?
Go to the Rover platform > your org > repositories. Each repository card will have a “pull requests” toggle, indicating whether pull requests will be scanned.
Does Rover learn the quirks of my codebase?
Yes! There is an automated fact-finding process when you connect your codebase, which will identify logical groups of code and identify their purposes, but you can also tell Rover information about your code to generate better results.
To do so, head to your repository settings and go to learnings. Simply write a short sentence for each fact about your codebase. Useful learnings include the names and purposes of services, patterns you employ, how the code is deployed, and information about your userbase.
How do I give feedback?
Coming Soon
There are a number of improvements we’re planning on making to alert scans, some of which we’ve outlined below.
If any of these (or something not listed) would be a killer feature for your team, get in touch so we can best prioritise the roadmap.
Custom Alert scans
We are working on giving you the ability to run custom alert scans that trigger on PRs based on some metadata of the PR. For example, in response to previous issues you’ve had, you could set “Focus on security issues relating to handling of file uploads” to run on PRs which change code in your src/api/fileUploads.ts file.
Chat with alerts
Soon you’ll be able to respond to Rover in the PR to learn more about the alerts that have been raised, or to ask about the code more generally.
Tracking alerts across branches
Sometimes we look at alerts and think it’s not a now problem. The question is, how do you track that alert to know when it does become a now problem? Currently, Rover PR alerts live only on that branch - we don’t track across merges.