Automating PR Reviews: GitHub Actions vs a Dedicated Review Bot
Every team that ships fast eventually asks the same question: how do we keep code quality high without turning senior engineers into full-time reviewers? The two most common answers are scripting checks in GitHub Actions or installing a dedicated review bot. They solve overlapping problems in very different ways.
Option 1: GitHub Actions
GitHub Actions runs your own scripts on every pull request. You wire up linters, run your test suite, maybe add a secret scanner, and fail the build when something looks wrong. It's flexible and lives entirely in your repo.
The catch is maintenance. Each tool is a separate config, a separate version to bump, and a separate set of false positives to tune. Linters check style, not logic — they won't tell you that a function returns the wrong value or that a query is vulnerable to injection. And every minute of CI time is a minute you pay for.
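As an added illustration (not code from this post or from MicroReview), here is the kind of script an Actions step could run: it scans only the lines a pull request adds against two secret patterns and exits non-zero to fail the build. The rule names, patterns and sample diff are constructed for the example; the concatenated SQL on the last added line matches no rule, which is the logic gap described above.

```python
import re
import sys

# Illustrative rules only, not a complete secret-detection ruleset.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded-credential": re.compile(
        r"(?i)\b(password|secret|api_key|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample diff; the key is AWS's documented example value.
SAMPLE_DIFF = """\
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def connect():
     host = "db.internal"
-    password = os.environ["DB_PASSWORD"]
+    password = "constructed-sample-pw"
+    aws_key = "AKIAIOSFODNN7EXAMPLE"
+    query = "SELECT * FROM users WHERE id = " + user_id
     return make_conn(host, password)
"""


def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for every rule hit on an added line."""
    findings, path, lineno, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:          # inside a hunk body
            if line.startswith("+"):              # added line: scan it
                findings += [(path, lineno, name) for name, rx in RULES.items()
                             if rx.search(line[1:])]
                lineno, new_left = lineno + 1, new_left - 1
            elif line.startswith("-"):            # removed line: not scanned
                old_left -= 1
            elif not line.startswith("\\"):       # context line
                lineno, old_left, new_left = lineno + 1, old_left - 1, new_left - 1
        elif line.startswith("+++ "):             # new-file header
            path = line[4:].split("\t")[0].removeprefix("b/")
        elif m := HUNK.match(line):               # hunk header sets the counters
            old_left, lineno, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
    return findings


if __name__ == "__main__":
    hits = scan_diff(sys.stdin.read())
    for hit in hits:
        print("%s:%d: %s" % hit)
    sys.exit(1 if hits else 0)  # a non-zero exit fails the workflow step
```

In a workflow step the diff would be piped in on stdin, for example `git diff origin/main...HEAD | python scan_diff.py`, where the script name and base branch are assumptions.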
Where Actions shine
- Running your existing test suite and type checks
- Enforcing formatting with tools you already use
- Custom, repo-specific build logic
Option 2: A Dedicated Review Bot
A review bot reads the diff the way a human reviewer would. Instead of pattern-matching on style, it reasons about the change: is this null-checked, is this secret hardcoded, does this query concatenate user input? It posts inline comments where the problem is, not a wall of red in a CI log.
The trade-off is that you don't control every rule yourself. The upside is that you don't have to — a good bot ships with sensible defaults and improves over time without you touching a YAML file.
Where a bot shines
- Catching logic bugs and risky patterns a linter can't see
- Detecting hardcoded secrets across many patterns
- Giving a single risk signal per PR instead of scattered checks
- Zero ongoing maintenance
You Don't Have to Choose
In practice, the strongest setup uses both. Keep GitHub Actions for what only your repo knows — your tests, your build. Add a review bot for the judgment calls: logic, security, and secrets. MicroReview, for example, posts a 0-100 risk score as a GitHub Check, so it slots right alongside your existing Actions and can block a merge when something critical slips through.
The Bottom Line
GitHub Actions automates the checks you already know how to write. A review bot automates the review you'd otherwise need a senior engineer for. If your team spends real time on pull request reviews, adding a bot pays for itself the first time it catches a leaked key or a null-pointer bug before it ships.