
GitHub Integration

CodeRifts for GitHub — Zero-Config PR Comments

Install the GitHub App in 30 seconds. Every time a pull request modifies an OpenAPI spec, CodeRifts posts a detailed report as a PR comment — breaking changes, risk score, policy violations, and a suggested version bump.


Install in 3 Steps

1. Click "Install" on the GitHub Marketplace

Visit github.com/apps/coderifts and click Install. Choose which repositories to enable.

2. Open a pull request that modifies an OpenAPI spec

CodeRifts auto-detects .yaml, .yml, and .json files containing OpenAPI definitions. No config file needed.

3. Review the PR comment

CodeRifts posts a detailed report with every breaking change, risk score, policy violations, security analysis, and a suggested semver bump.

What the PR Comment Includes

Every PR comment is a complete API governance report — not just a list of changes.

🔴 Breaking Changes

Every breaking change categorized by type and severity — endpoint removals, type changes, required field additions, and more.

📊 Risk Score

A 0–100 score based on change severity, blast radius, and affected endpoints. At-a-glance risk assessment for reviewers.

📋 Policy Violations

Naming conventions, versioning rules, deprecation timelines — all configurable via .coderifts.yml.

🔒 Security Analysis

OWASP API Top 10 alignment, auth coverage analysis, and sensitive field exposure detection.

📦 Semver Recommendation

Suggests the correct version bump (patch, minor, major) based on the changes detected.

📝 Auto Changelog

A human-readable changelog entry generated from the diff — ready for release notes.
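To make the report above concrete, here is an added example that is not CodeRifts' own code: it diffs two constructed OpenAPI documents (a base branch and a PR branch) for the three breaking-change classes named above, computes a risk score, suggests a semver bump, flags operations with no effective auth requirement, and renders a Markdown comment body. The change classes it checks, the severity weights, the risk formula and the semver mapping are this example's assumptions, not the product's.

```python
"""Minimal OpenAPI diff report, written as an added example (not CodeRifts' code).

Assumptions: only endpoint removals, newly required fields and property type
changes count as breaking; severity weights, the risk formula and the semver
mapping are this example's own choices.
"""
import copy
from typing import Dict, List, Set, Tuple

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}
SEVERITY_WEIGHT = {"critical": 30, "high": 15}  # assumed weights
Change = Dict[str, str]

# Constructed sample: the base-branch spec ...
BASE_SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],  # global auth requirement
    "paths": {
        "/users": {
            "get": {"responses": {"200": {"description": "ok"}}},
            "post": {"responses": {"201": {"description": "created"}}},
        },
        "/users/{id}": {
            "get": {"responses": {"200": {"description": "ok"}}},
            "delete": {"responses": {"204": {"description": "deleted"}}},
        },
    },
    "components": {"schemas": {"User": {
        "type": "object",
        "required": ["email"],
        "properties": {"email": {"type": "string"}, "age": {"type": "integer"}},
    }}},
}

# ... and the PR-branch spec, derived from it by four edits.
HEAD_SPEC = copy.deepcopy(BASE_SPEC)
del HEAD_SPEC["paths"]["/users/{id}"]["delete"]  # endpoint removal (breaking)
HEAD_SPEC["paths"]["/health"] = {  # additive, but opts out of auth
    "get": {"security": [], "responses": {"200": {"description": "ok"}}}}
_user = HEAD_SPEC["components"]["schemas"]["User"]
_user["required"] = ["email", "age"]  # required field added (breaking)
_user["properties"]["age"] = {"type": "string"}  # type change (breaking)


def operations(spec: dict) -> Set[Tuple[str, str]]:
    """All (METHOD, path) operations declared under `paths`."""
    return {(m.upper(), p) for p, item in spec.get("paths", {}).items()
            for m in item if m.lower() in HTTP_METHODS}


def schemas(spec: dict) -> Dict[str, dict]:
    return spec.get("components", {}).get("schemas", {})


def find_breaking_changes(base: dict, head: dict) -> List[Change]:
    """Categorize breaking changes between base and head by type and severity."""
    changes: List[Change] = []
    for method, path in sorted(operations(base) - operations(head)):
        changes.append({"type": "endpoint-removed", "severity": "critical",
                        "location": f"{method} {path}"})
    b_schemas, h_schemas = schemas(base), schemas(head)
    for name in sorted(set(b_schemas) & set(h_schemas)):
        b, h = b_schemas[name], h_schemas[name]
        # Clients that omit a newly required field start failing validation.
        for field in sorted(set(h.get("required", [])) - set(b.get("required", []))):
            changes.append({"type": "required-field-added", "severity": "high",
                            "location": f"{name}.{field}"})
        # Clients deserializing the old type break on a type change.
        for field, prop in b.get("properties", {}).items():
            new = h.get("properties", {}).get(field)
            if new is not None and new.get("type") != prop.get("type"):
                changes.append({"type": "type-changed", "severity": "high",
                                "location": f"{name}.{field}: {prop.get('type')} -> {new.get('type')}"})
    return changes


def risk_score(changes: List[Change], base: dict) -> int:
    """0-100: severity weights plus a blast-radius term (share of base operations removed)."""
    if not changes:
        return 0
    severity = sum(SEVERITY_WEIGHT[c["severity"]] for c in changes)
    removed = sum(1 for c in changes if c["type"] == "endpoint-removed")
    blast = int(100 * removed / max(len(operations(base)), 1))
    return min(100, severity + blast)


def suggest_bump(changes: List[Change], added_ops: Set[Tuple[str, str]]) -> str:
    """Conventional semver mapping: breaking -> major, additive -> minor, else patch."""
    if changes:
        return "major"
    return "minor" if added_ops else "patch"


def unauthenticated_operations(spec: dict) -> List[str]:
    """Operations whose effective security requirement is empty (auth coverage gap)."""
    global_sec = spec.get("security", [])
    gaps = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS and not op.get("security", global_sec):
                gaps.append(f"{method.upper()} {path}")  # operation-level overrides global
    return sorted(gaps)


def analyze(base: dict, head: dict) -> dict:
    changes = find_breaking_changes(base, head)
    return {"breaking_changes": changes,
            "risk_score": risk_score(changes, base),
            "semver_bump": suggest_bump(changes, operations(head) - operations(base)),
            "auth_gaps": unauthenticated_operations(head)}


def render_markdown(result: dict) -> str:
    """Render the analysis as a PR-comment style Markdown body."""
    lines = [f"## API diff report (risk {result['risk_score']}/100, "
             f"suggested bump: {result['semver_bump']})"]
    lines += [f"- 🔴 **{c['type']}** ({c['severity']}): `{c['location']}`"
              for c in result["breaking_changes"]]
    lines += [f"- 🔒 no auth requirement on `{op}`" for op in result["auth_gaps"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_markdown(analyze(BASE_SPEC, HEAD_SPEC)))
```

Run against the two constructed specs, the report lists the removed DELETE, the newly required `age` field and its integer-to-string type change, scores the PR 85/100, recommends a major bump, and flags `GET /health` for having no auth requirement. The blast-radius term is deliberately simple (removed operations over total base operations); a real tool would also weigh how many consumers call each endpoint.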

Minimal Permissions

CodeRifts requests only the permissions it needs. Your code stays private.

Permission      Level          Why
Pull requests   Read & Write   To post PR comments with the analysis report
Contents        Read           To read OpenAPI spec files from the PR branch and base branch
Metadata        Read           Required by GitHub for all apps

CodeRifts never stores your source code. Specs are analyzed in memory and discarded immediately.

Optional Configuration

CodeRifts works with zero config. For advanced use cases, add a .coderifts.yml to your repo root.

# .coderifts.yml — optional configuration
spec:
  path: "api/openapi.yaml"     # default: auto-detect

rules:
  breaking-changes: error      # error | warn | off
  naming-convention: warn      # camelCase enforcement
  deprecation-policy: warn     # require sunset headers

notifications:
  slack:
    webhook: $SLACK_WEBHOOK_URL
    on: [breaking-change, security]

See the full configuration reference for all available options.

Start protecting your APIs in 30 seconds.

Free for up to 3 private repos. No credit card required.

Also available via REST API and CLI.