ZDNET’s key takeaways
- Automated safety critiques in Claude Code assist guarantee code security.
- Spot and repair vulnerabilities earlier than your code reaches manufacturing.
- Run the /security-review command within the terminal or by way of GitHub Motion.
Claude Code grew to become typically accessible in Might, and since then, it has turn into widespread amongst builders for its coding help, accessible proper within the terminal or built-in growth environments (IDEs). Now, new options are coming to Claude that make it simpler to construct safely, too.
On Wednesday, Anthropic launched automated safety critiques in Claude Code. They permit builders to more easily identify and fix security concerns, and could be invoked both manually utilizing the brand new “/security-review” command or mechanically by way of the brand new GitHub Motion for Claude Code.
Additionally: Claude Code’s new tool is all about maximizing ROI in your organization – how to try it
“On demand or mechanically, Claude will evaluation the code that you simply’re engaged on, the code that you simply’re pushing, or your whole repository, and virtually determine vulnerabilities and recommend methods to repair them,” stated Logan Graham, the engineer behind the brand new options on the Frontier Crimson Crew at Anthropic, to ZDNET.
Command in Claude Code
All builders must do is invoke the /security-review command in Claude Code, which can set off the safety evaluation within the terminal. Anthropic stated Claude will then search the codebase, determine widespread vulnerabilities equivalent to SQL injection dangers, insecure knowledge dealing with, and authentication flaws, and clarify the problems discovered.
“We would like it to be, and I believe we will get there quickly if it isn’t there already, form of like having the most effective safety engineer or greatest senior software program engineer, over shoulder, serving to you do your work, higher and securely,” added Graham.
Additionally: The best AI for coding in 2025 (including a new winner – and what not to use)
After figuring out the problems, the person may ask Claude Code to implement the fixes for every one. This enables builders to catch points simply by integrating the safety critiques earlier than committing the code or earlier than it reaches manufacturing. ZDNET’s personal David Gewirtz, a pc science professor turned AI innovator, discovered the replace useful, saying, “Including the safety evaluation as a command is nice. In any other case, you’d must embed it in every question or add it to their system directions.”
GitHub Motion
Pull requests are an important a part of the collaborative growth course of, however they require in depth guide evaluation earlier than being merged into the primary codebase. Now, with the brand new GitHub Motion for Claude Code, builders can have Claude mechanically analyze each pull request when it is opened, a step that may in any other case be forgotten or missed.
Additionally: Anthropic’s free Claude 4 Sonnet aced my coding tests – but its paid Opus model somehow didn’t
Anthropic stated Claude can evaluation code adjustments for safety vulnerabilities, apply customizable guidelines, and submit inline feedback with issues and proposals for fixes. Anthropic has used GitHub Actions to catch vulnerabilities in its personal code earlier than transport to customers, in line with the discharge. Simply final week, GitHub Actions recognized a distant code execution vulnerability, which was fastened earlier than the pull request was merged.
How you can entry
To entry the /security-review command, replace Claude Code to the newest model and run it in your undertaking listing. Anthropic posted documentation for putting in and configuring the GitHub Motion.
Need extra tales about AI? Take a look at AI Leaderboard, our weekly publication.
