GitHub PRs

Integrate Oplane with your GitHub workflow to automatically run threat modeling on pull requests. Get security feedback before code is merged.

Prerequisites: You'll need the Oplane GitHub App installed on your organisation. Follow the Organisation Setup guide to get started, then complete User Setup to link your account.

Review Modes

A team member chooses a review mode per repository during User Setup. The available modes are:

Review every PR
Oplane automatically runs a security review on every new pull request. Best for repositories with active development.
On request only
Comment "@oplane review" or "oplane review" on a PR to trigger a review. Good for repositories where you want to review selectively.
Disabled
No security reviews for this repository. Use this for repositories you don't need to threat model.

Figure: Oplane security review comment on a GitHub pull request

How It Works

Oplane analyzes the changes and produces a structured threat model directly on the pull request.

System Architecture Diagram

Oplane generates an architecture diagram showing how services connect, where data flows, and which components are touched by the changes. This makes it easy to spot architectural risks at a glance.

Figure: Oplane system architecture diagram showing service connections and data flows

Security Requirements

Oplane produces a list of security requirements tailored to the changes in the PR. Each requirement explains the risk and what to do about it, so your team can address issues before merging.

Figure: Oplane security requirements generated for a pull request

Change Description

Oplane reads the diff and pull request description, then writes a security-focused summary of the changes.

Figure: Oplane change description summarizing the security-relevant changes in a pull request