How is MicroReview different from CodeRabbit?

MicroReview adds a 0-100 risk score per PR, merge blocking on critical findings, a dedicated GitHub Checks API integration with inline annotations, and hardcoded secret detection across 13 patterns. It also starts free and scales to $19/mo per repo vs CodeRabbit's higher per-seat pricing.

Does MicroReview work with private repositories?

Yes. MicroReview works with both public and private repositories on GitHub and GitLab. The GitHub App requests only the minimum permissions needed: read access to code for PR diffs and write access to post review comments and check runs.

What programming languages does MicroReview support?

AI bug detection and secret scanning work on any language. Deep static analysis rules including naming conventions, Spring Boot patterns, and validation checks are available for Java, TypeScript, and Python today with more language-specific rule sets coming soon.

Is my source code sent to AI?

Only the changed lines (diff hunks) from your pull request are sent to the AI, not your entire codebase. Code is sent over HTTPS, is not used to train models, and is retained by the AI provider for at most 30 days for abuse monitoring before deletion.

How much does MicroReview cost?

MicroReview starts free with 2 repos and 50 reviews per month. The Pro plan is $19/mo per repo with unlimited reviews and AI bug detection. The Team plan is $15/mo per repo for 5+ repos with analytics, SSO, and config inheritance.

Trust & Security

Your code, handled with care

MicroReview reads source code to review it, so security isn't a feature — it's the foundation. Here's exactly how we handle your data.

Data handling

We only process the diff (changed lines) of a pull/merge request — never your full repository, branches, or history.
Review results (findings, risk scores, metadata) are stored to power your dashboard. Your source code itself is not stored after a review completes.
All data is encrypted in transit using TLS/HTTPS.

Credentials & encryption at rest

OAuth access tokens are encrypted at rest with AES-256-GCM before being written to the database.
We never ask for, store, or transmit your passwords — authentication is via GitHub/GitLab OAuth and signed webhooks only.
The GitHub App requests the minimum permissions required: read access to code (for diffs) and write access to post review comments and check runs.

AI processing

Only changed lines (diff hunks) are sent to our AI provider — never your entire codebase.
Your code is not used to train AI models. The provider retains it for at most 30 days for abuse monitoring, then deletes it.
AI-assisted actions that modify code (auto-fix) are opt-in and only ever triggered explicitly by a maintainer command.

Infrastructure

Traffic is terminated over TLS at our edge and proxied to isolated application services.
Webhook deliveries are verified: GitHub via HMAC signatures, GitLab via a shared secret token.
Secrets are kept out of source control and rotated when needed.

Your controls

Configure exactly which rules run via a .microreview.yml file in your repo.
Risk-score badges are private by default — a numeric score is only ever shown publicly for repositories you've marked public.
Uninstall the app at any time from your GitHub/GitLab settings to immediately revoke all access.

On our roadmap

We're an early-stage company and we're honest about it. Formal compliance certifications (e.g. SOC 2) and a self-hosted option are on our near-term roadmap. If your team has specific security requirements, we want to hear them.

Responsible disclosure

Found a vulnerability? Please email security@microreview.dev with details. We'll acknowledge promptly and keep you updated on the fix. Please give us reasonable time to remediate before public disclosure.

Get Started Free