Every PR gets a risk score
MicroReview scores every pull request 0-100 for risk. Critical issues block the merge. Secrets get caught. Logic bugs get flagged. Clean PRs auto-approve. $19/repo — not $24/seat.
SECRET_DETECTION — Stripe live secret key in source code. Anyone with repo access can make charges or access customer data.
+ @Value("${stripe.api.key}") String apiKey;
AI_BUG_DETECTION — Division by size() computes the average, not the total. Every customer will be undercharged.
+ .sum();
The Problem
Code reviews are broken
Your team ships fast, but every PR is a bottleneck. Reviewers are overwhelmed, bugs slip through, and secrets get committed. Sound familiar?
Reviews take forever
Senior devs spend hours reviewing PRs instead of building. Junior devs wait days for feedback. Velocity drops, frustration rises.
Human reviewers miss bugs
Studies show code review catches only 25-60% of defects. Logic errors, edge cases, and race conditions slip through tired eyes.
Secrets leak into repos
API keys, database passwords, and tokens get committed daily. One leaked credential means breached customer data and a PR nightmare.
Bugs in prod cost more
A bug caught in code review costs $100 to fix. The same bug in production? $1,000+. Plus downtime, hotfixes, and on-call pages at 3 AM.
Why MicroReview
What we do that nobody else does
We studied CodeRabbit, Codacy, SonarQube, and DeepSource. Then we built the features they're missing and priced it so you don't need a procurement process.
Quantitative risk scoring
Every PR gets a 0-100 risk score. Set your auto-approve threshold at <30 and block at >70 — fully customizable per repo. Not vague comments — an actual decision framework.
CodeRabbit, Codacy, and DeepSource give you comments. We give you configurable merge gates.
Per-repo pricing, not per-seat
CodeRabbit charges $24/seat/month. A team of 10 devs = $240/month. MicroReview charges $19/repo — your entire team reviews for one flat price. Same repo, any number of developers.
10 devs on 3 repos: CodeRabbit = $720/mo. MicroReview = $57/mo.
Zero-config instant setup
Install the GitHub App. That's it. No YAML files to write, no onboarding calls to schedule, no infrastructure to provision. Sensible defaults work out of the box.
SonarQube needs server setup. Codacy needs a 14-day onboarding. We need one click.
Critical issues actually block merges
MicroReview uses the GitHub Checks API to post a required status check. A PR with a leaked secret or critical vulnerability literally cannot be merged until it's fixed.
Other tools post comments that get ignored. We enforce the rules at the merge button.
Actually free, not a 14-day trial
2 repos and 50 reviews per month — free forever. No credit card required, no "trial expired" emails. Perfect for indie devs, side projects, and open source.
CodeRabbit's free tier is a 14-day trial. SonarQube Cloud's free tier has severe limits. Ours is real.
You see exactly what fired and why
Every finding shows the rule name, the exact line, the severity, and a human-readable explanation. No black-box AI magic — you can audit, dismiss, or configure every rule.
Codacy and SonarQube bury findings in dashboards. We put them inline where you review code.
Features
Everything you need to ship with confidence
Six layers of analysis on every pull request. Catches what humans miss and explains why it matters.
Secret Detection
Catches API keys, passwords, tokens, and private keys before they leak. 13 patterns covering AWS, Stripe, GitHub, and more.
AI Bug Detection
GPT-4 finds logic bugs regex can't catch — off-by-ones, null derefs, wrong operators, race conditions, and silent data corruption.
Incremental Reviews
Only reviews new changes, not the entire PR. Fast, focused feedback on what actually changed — no noise from existing code.
Security SAST
SQL injection, XSS, command injection, weak crypto, path traversal, and hardcoded credentials — caught before merge.
Risk Scoring
Every PR gets a 0-100 risk score. Set your auto-merge threshold (e.g. <30) and block threshold (e.g. >70). Fully customizable per repo via .microreview.yml.
Auto-fix Suggestions
One-click apply fixes via GitHub suggestions. Exact code replacements with explanations — not vague advice.
Language Support
Works with your stack
AI bug detection and secret scanning work on any language. Deep static rules are available for Java, TypeScript, and Python — more coming soon.
| Language | Analysis |
|---|---|
| Java | Deep static + AI |
| TypeScript | Deep static + AI |
| Python | Deep static + AI |
| Go | AI analysis |
| Rust | AI analysis |
| C# | AI analysis |
| Ruby | AI analysis |
| PHP | AI analysis |
| Kotlin | AI analysis |
| Swift | AI analysis |
Secret detection (13 patterns) works across all file types regardless of language.
Your code stays yours
We know you're trusting us with access to your source code. Here's exactly how we handle it — no hand-waving.
Diff-only access
We only read the changed lines in your PR — never your entire codebase, history, or branches.
Your code isn't training data
Only diffs are sent to our AI provider — never your full codebase. Your code is not used to train models; it is retained for at most 30 days for abuse monitoring and then deleted.
Encrypted in transit
All data is sent over TLS/HTTPS. Nothing travels in plaintext — not your diffs, not your tokens, not your reviews.
Minimal permissions
Our GitHub App requests only read access for PR diffs and write access for comments and check runs. Nothing more.
How It Works
Three steps. Zero config.
Install once, get AI reviews on every pull request forever.
Install the GitHub App
One click from GitHub Marketplace. Pick your repos. Sensible defaults work out of the box — no YAML required.
Open a Pull Request
MicroReview runs automatically on every PR. 30+ static rules, 13 secret patterns, and AI bug detection — all in parallel.
Get AI-powered review in seconds
Risk score, inline comments, auto-fix suggestions, and a full PR walkthrough posted as a GitHub comment. Clean PRs auto-approve.
📖 PR Walkthrough
Adds a new payment processing service with Stripe integration. Touches the checkout critical path. 3 hardcoded secrets detected and 2 AI bugs found that would undercharge customers.
| Rule | New | Severity |
|---|---|---|
| SECRET_DETECTION | 3 | Critical |
| AI_BUG_DETECTION | 2 | Warning |
| REQUEST_BODY_MISSING_VALID | 1 | Critical |
| HARDCODED_URL | 2 | Warning |
Honest Comparison
MicroReview vs everyone else
Real features, real prices. We built what's missing from CodeRabbit, Codacy, and SonarQube — at a fraction of the cost.
| Feature | MicroReview | 🐰CodeRabbit | 🔷Codacy | 🔵SonarQube |
|---|---|---|---|---|
| Pricing model | Per repo | Per seat | Per seat | Per LOC |
| Starting price | $19/repo | $24/seat | Custom | $32/mo |
| Team of 10, 3 repos | $57/mo | $720/mo | $$$ | $96+/mo |
| Risk score per PR (0-100) | ||||
| Merge blocking (Checks API) | ||||
| AI bug detection | Limited | |||
| Secret detection | 13 patterns | Via linters | ||
| SAST security | ||||
| Auto-fix suggestions | ||||
| PR walkthrough summary | ||||
| Setup time | 30 sec | 5 min | 30+ min | Hours |
| Free tier | 2 repos forever | 14-day trial | 14-day trial | Limited |
| Self-hosted option | Roadmap | Enterprise |
A team of 10 devs on 3 repos saves $663/month vs CodeRabbit
That's $7,956/year back in your budget. Same AI reviews, same quality — better price.
Need self-hosted? Get notified when it launches.
Pricing
Per repo, not per seat. Save 80%.
No credit card required. No 14-day trial bait. Free means free.
Per-seat (CodeRabbit)
10 devs × $24/seat = $240/mo per repo
Per-repo (MicroReview)
10 devs × 1 repo = $19/mo total
Free
For indie devs and side projects
- 2 repositories
- 50 reviews / month
- All 30+ static rules
- Secret detection (13 patterns)
- SAST security checks
- Risk scoring (0-100)
- Merge blocking
- Community support
Pro
Unlimited devs per repo — not per seat
Same price whether you have 2 devs or 200
- Everything in Free
- Unlimited reviews
- AI bug detection (GPT-4.1)
- AI PR walkthrough
- PR Chat — ask questions
- Slack & Teams notifications
- Auto-fix suggestions
- Config editor in dashboard
- Priority support
Team
Volume discount for growing teams
5+ repos at $15 each — 21% less than Pro
- Everything in Pro
- Volume discount (5+ repos)
- Config inheritance (org-wide)
- Org-wide rule policies
- Analytics dashboard
- CODEOWNERS enforcement
- SSO / SAML (coming soon)
- Dedicated Slack channel
- Priority support
All plans include GitHub & GitLab support. Need more than 10 repos? Contact us for custom pricing.
We're just getting started — help shape it
MicroReview is new, and I'd rather be honest than fake social proof. There are no inflated logos here yet — just a tool that already catches real bugs, and an open invitation to be one of the first teams to use it.
A live Stripe key committed in a PR — caught and flagged before it reached main.
Dividing a total by item count computes the average, not the sum — every customer would have been undercharged.
These are the kinds of things humans skim past on a busy day. The risk score tells you which PRs to look at closely — and which are safe to merge.
Be an early design partner
- Direct line to the founder — your feedback shapes the roadmap
- Lock in early pricing as the product grows
- First access to new rules, languages, and integrations
- Free tier to try it on 2 repos, no credit card

Built by a real engineer
“I built MicroReview on my own after watching good engineers ship avoidable bugs and the occasional leaked secret — not from carelessness, but because review gets rushed. And now AI coding tools mean more PRs landing faster than any lead can review in depth. MicroReview is the extra pair of eyes that never gets tired, giving you one honest number: how risky is this PR?”
