ZDNET’s key takeaways
- Automated safety opinions in Claude Code assist guarantee code security.
- Spot and repair vulnerabilities earlier than your code reaches manufacturing.
- Run the /security-review command within the terminal or by way of GitHub Motion.
Claude Code turned usually accessible in Might, and since then, it has develop into in style amongst builders for its coding help, accessible proper within the terminal or built-in growth environments (IDEs). Now, new options are coming to Claude that make it simpler to construct safely, too.
On Wednesday, Anthropic launched automated safety opinions in Claude Code. They permit builders to extra simply establish and repair safety issues, and will be invoked both manually utilizing the brand new “/security-review” command or routinely by way of the brand new GitHub Motion for Claude Code.
“On demand or routinely, Claude will evaluation the code that you simply’re engaged on, the code that you simply’re pushing, or your complete repository, and virtually establish vulnerabilities and counsel methods to repair them,” stated Logan Graham, the engineer behind the brand new options on the Frontier Purple Workforce at Anthropic, to ZDNET.
Command in Claude Code
All builders need to do is invoke the /security-review command in Claude Code, which is able to set off the safety evaluation within the terminal. Anthropic stated Claude will then search the codebase, establish frequent vulnerabilities equivalent to SQL injection dangers, insecure knowledge dealing with, and authentication flaws, and clarify the problems discovered.
“We would like it to be, and I feel we will get there quickly if it isn’t there already, type of like having the most effective safety engineer or finest senior software program engineer, over shoulder, serving to you do your work, higher and securely,” added Graham.
After figuring out the problems, the consumer also can ask Claude Code to implement the fixes for every one. This enables builders to catch points simply by integrating the safety opinions earlier than committing the code or earlier than it reaches manufacturing. ZDNET’s personal David Gewirtz, a pc science professor turned AI innovator, discovered the replace useful, saying, “Including the safety evaluation as a command is nice. In any other case, you’d need to embed it in every question or add it to their system directions.”
GitHub Motion
Pull requests are a vital a part of the collaborative growth course of, however they require intensive guide evaluation earlier than being merged into the primary codebase. Now, with the brand new GitHub Motion for Claude Code, builders can have Claude routinely analyze each pull request when it is opened, a step that may in any other case be forgotten or neglected.
Anthropic stated Claude can evaluation code adjustments for safety vulnerabilities, apply customizable guidelines, and publish inline feedback with issues and suggestions for fixes. Anthropic has used GitHub Actions to catch vulnerabilities in its personal code earlier than transport to customers, in accordance with the discharge. Simply final week, GitHub Actions recognized a distant code execution vulnerability, which was fastened earlier than the pull request was merged.
Find out how to entry
To entry the /security-review command, replace Claude Code to the newest model and run it in your undertaking listing. Anthropic posted documentation for putting in and configuring the GitHub Motion.
Need extra tales about AI? Try AI Leaderboard, our weekly publication.
