Pull & Merge Requests
Oplane integrates with both GitHub and GitLab to automatically run threat modeling on pull requests and merge requests. Get security feedback directly in your review workflow before code is merged.
Setup
Connect your repository through a Managed Workspace:
- Connect GitHub — install the Oplane GitHub App and link your repositories
- Connect GitLab — sign in with GitLab and select your projects
How It Works
When a PR or MR is opened or updated, the Oplane worker analyses the diff, creates a threat model scoped to the changes, and posts requirements as review comments directly on the relevant lines.
Automatic Analysis
Oplane reads the diff, identifies architectural and security-relevant changes, and generates security requirements specific to what changed. Each finding is posted as an inline comment on the affected lines — so you get feedback exactly where it matters.
Review Modes
You can configure how Oplane reviews your PRs/MRs per workspace:
- Analyse every PR/MR — Oplane runs automatically on every new pull request or merge request. Best for projects with active development.
- On request — Mention @oplane in a comment on any PR or MR to trigger a review when you need it.
- Disabled — No automatic reviews for this workspace.