New · Container scan is live — CVEs in Docker images on Dockerfile PRs

Learn more

AI review + security · one platform

Catch risks before you merge. Merge only what passes.

Parallel agents review your diff, scan dependencies, and hunt secrets—then post one native PR/MR review on GitHub or GitLab. Risk scores, inline threads, and @mergeguards fix. No extra CI YAML or second AI subscription.

  • Parallel agents
  • Risk scores
  • OSV + Trivy scans
  • Auto-fix commits
  • 564 files reviewed
  • 2,226 bugs reported
  • 96 bugs fixed

  • 2-click install
  • 20 free PR reviews/mo
  • No credit card
  • Private repos
GitHub demo · GitLab demo

How container scan works

Two comments. One fast review.

Image builds are slow—your team shouldn't wait. Main review posts immediately; container CVEs arrive when the scan finishes.

Comment 1 · right away

Main PR review

Risk score, AI findings, dependency CVEs, and filesystem scan results (secrets, vulnerable packages, IaC misconfig).

Comment 2 · when ready

Container scan follow-up

Image CVEs grouped Critical → Info when a Dockerfile changed.

Sample review

See what lands on your PR or MR

Real review shape: risk score, severities, and inline findings—before you install anything.

acme/api-service #482
GitHub pull request with MergeGuard AI review summary and inline security finding

MergeGuard summary

Risk score 35 / 100

Medium merge risk. Auth middleware change touches request path—verify session handling on edge cases.

  • High · Missing null check before token decode
  • Medium · New env var not documented in README
  • Low · Prefer const for immutable binding

Reply @mergeguards fix on an inline thread to push a patch commit.
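The "missing null check before token decode" finding above is the kind of request-path edge case the summary asks the reviewer to verify. The block below is an added example, not MergeGuard's code and not the sample repository's middleware: it shows the unguarded shape beside the guarded one in a framework-free form. The `decode()` here is a hypothetical stand-in that parses a `sub:exp` token; the sample requests are constructed.

```typescript
// Added example (not MergeGuard's code): the "missing null check before decode()"
// finding from the sample review, as a framework-free middleware so it runs stand-alone.

interface AuthRequest { headers: Record<string, string | undefined> }
interface Claims { sub: string; exp: number }
interface Outcome { status: number; user?: Claims }

// Hypothetical stand-in for the project's decode(). Tokens are assumed to look like
// "sub:exp" (e.g. "alice:1893456000"); anything else throws, as a real token decoder
// would on garbage, and an undefined token throws a TypeError at .split().
function decode(token: string): Claims {
  const parts = token.split(":");
  const sub = parts[0];
  const exp = Number(parts[1]);
  if (!sub || !isFinite(exp)) throw new Error("malformed token");
  return { sub: sub, exp: exp };
}

// Pull the bearer value out of the Authorization header, or undefined if absent/wrong scheme.
function bearerToken(req: AuthRequest): string | undefined {
  const header = req.headers["authorization"];
  if (!header) return undefined;
  const parts = header.split(" ");
  return parts[0] === "Bearer" && parts[1] ? parts[1] : undefined;
}

// Before: decode() runs on whatever bearerToken() returned. A request with no
// Authorization header reaches decode(undefined) and throws, so the framework
// answers with a 500 (or an unhandled rejection) instead of a clean 401.
function authBefore(req: AuthRequest, now: number): Outcome {
  const token = bearerToken(req);
  const claims = decode(token as string); // no guard: throws on undefined
  if (claims.exp <= now) return { status: 401 };
  return { status: 200, user: claims };
}

// After: guard first, then decode inside a try so malformed and expired tokens
// also map to 401 rather than an exception on the request path.
function authAfter(req: AuthRequest, now: number): Outcome {
  const token = bearerToken(req);
  if (!token) return { status: 401 };
  let claims: Claims;
  try {
    claims = decode(token);
  } catch (e) {
    return { status: 401 };
  }
  if (claims.exp <= now) return { status: 401 };
  return { status: 200, user: claims };
}

// Constructed sample requests covering the edge cases a reviewer would check.
const NOW = 1700000000;
const samples: Record<string, AuthRequest> = {
  missing:     { headers: {} },
  wrongScheme: { headers: { authorization: "Basic YWxpY2U6cHc=" } },
  garbage:     { headers: { authorization: "Bearer not-a-token" } },
  expired:     { headers: { authorization: "Bearer alice:1600000000" } },
  valid:       { headers: { authorization: "Bearer alice:1893456000" } },
};

// Run one handler over every sample; "threw" marks an exception escaping the middleware.
function runAll(handler: (req: AuthRequest, now: number) => Outcome): Record<string, number | "threw"> {
  const out: Record<string, number | "threw"> = {};
  for (const key of Object.keys(samples)) {
    try {
      out[key] = handler(samples[key], NOW).status;
    } catch (e) {
      out[key] = "threw";
    }
  }
  return out;
}
```

Running `runAll(authBefore)` shows the missing, wrong-scheme and garbage cases escaping as exceptions, while `runAll(authAfter)` maps all four bad cases to 401 and only the valid token to 200. Rejecting expired claims in the same place keeps session handling in one spot on the request path.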

One roof · parallel agents

Stop paying for a stack of pricey AI tools

Many teams bolt on different models and vendors for review, security, and dependencies—each with its own bill. MergeGuard runs specialized agents in parallel, merges the signal, and posts one native review with the strongest scans on every pull request.

acme/api-service · PR #482

Parallel agents

  • Code review
  • OSV lockfile
  • Trivy security

Merge risk

48

/ 100 · ~2 min review

Conversation · Files changed

mergeguard · bot · just now

Medium

Potential issue — missing null check before decode() on the authorization header.

@@ src/auth/middleware.ts @@
− if (!token) decode(token);
+ if (!token) return unauthorized(res);
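Review bot: the `+` line replaces the decode call instead of guarding it, and nothing in the shown hunk decodes the token once the guard passes, so as displayed a valid request would continue with `token` undecoded. Keep the early return and follow it with the decode on the next line, e.g. `if (!token) return unauthorized(res);` then `const claims = decode(token);`, and confirm the caller handles a throw from `decode()` on a malformed token so it becomes a 401 rather than a 500.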

Reply @mergeguards fix for an auto-commit

Security · merged findings

3 signals · 1 comment

  • OSV

    lodash@4.17.20 · CVE-2021-23337

  • Trivy

    AWS key pattern in .env.example

  • AI

    Missing null guard before decode()

Also available natively on GitHub & GitLab

Why teams use MergeGuard

Faster reviews + better code

We do the heavy lifting on the diff—you do the final 10%.

Catch fast. Fix fast.

Reply @mergeguards fix on inline findings—MergeGuard generates the patch and commits to your branch.

Explore all features

Security scanning · now built in

Security scans are live in every review

Open-source security scanners are built into your AI code review—no separate tool to install. OSV dependency CVEs and Trivy filesystem scans run in every review; async container image scanning on Dockerfile PRs is available on Pro+ plans.

OSV · Live now

Dependency CVEs from your npm lockfiles, on every pull request.

  • Known CVEs in package-lock.json
  • Severity + advisory links inline
  • Zero setup — on by default
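To make the lockfile-to-CVE step concrete, here is an added example (not MergeGuard's scanner): it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3), builds the body that OSV's `POST /v1/querybatch` endpoint accepts, and maps a batch response back onto the packages it was asked about. The lockfile and the response are constructed samples; `some-plugin` and `shared-lib` are hypothetical names, and the one advisory id is the CVE shown on this page. A real querybatch response carries only `id` and `modified` per vuln, so severity and advisory text come from a follow-up `GET /v1/vulns/{id}`.

```typescript
// Added example (not MergeGuard's code): package-lock.json -> OSV querybatch -> findings.

interface LockEntry { version?: string; dev?: boolean; link?: boolean; resolved?: string }
interface Lockfile { lockfileVersion: number; packages?: Record<string, LockEntry> }
interface OsvQuery { package: { name: string; ecosystem: "npm" }; version: string }
// querybatch answers positionally: results[i] belongs to queries[i]; a clean package is {}.
interface OsvBatchResponse { results: { vulns?: { id: string; modified: string }[] }[] }

// "node_modules/@types/node" -> "@types/node"; nested "node_modules/a/node_modules/b" -> "b".
// Paths with no node_modules segment are workspace sources (first-party), so return null.
function packageNameFromPath(path: string): string | null {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i < 0 ? null : path.slice(i + marker.length);
}

// One OSV query per distinct name@version; root entry, symlinked workspaces and
// workspace sources are skipped. Dev dependencies are kept: they run on CI hosts.
function lockfileToQueries(lock: Lockfile): OsvQuery[] {
  if (!lock.packages) throw new Error("lockfileVersion 1 has no packages map; walk dependencies instead");
  const queries: OsvQuery[] = [];
  const seen: Record<string, true> = {};
  for (const path of Object.keys(lock.packages)) {
    const entry = lock.packages[path];
    if (path === "" || entry.link || !entry.version) continue;
    const pkgName = packageNameFromPath(path);
    if (!pkgName) continue;
    const key = pkgName + "@" + entry.version;
    if (seen[key]) continue;
    seen[key] = true;
    queries.push({ package: { name: pkgName, ecosystem: "npm" }, version: entry.version });
  }
  return queries;
}

// Join the positional response back to the queries: { "lodash@4.17.20": ["CVE-..."] }.
function matchResults(queries: OsvQuery[], resp: OsvBatchResponse): Record<string, string[]> {
  if (resp.results.length !== queries.length) throw new Error("results are positional; length mismatch");
  const findings: Record<string, string[]> = {};
  resp.results.forEach((r, i) => {
    if (!r.vulns || r.vulns.length === 0) return;
    const q = queries[i];
    findings[q.package.name + "@" + q.version] = r.vulns.map((v) => v.id);
  });
  return findings;
}

// Constructed sample lockfile: a vulnerable lodash, a nested duplicate of it, a dev-only
// type package, and a linked workspace (hypothetical names).
const SAMPLE_LOCKFILE = `{
  "name": "api-service",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "api-service", "version": "1.0.0" },
    "node_modules/lodash": { "version": "4.17.20", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz" },
    "node_modules/@types/node": { "version": "18.0.0", "dev": true },
    "node_modules/express": { "version": "4.18.2" },
    "node_modules/some-plugin": { "version": "2.0.0" },
    "node_modules/some-plugin/node_modules/lodash": { "version": "4.17.20" },
    "node_modules/shared-lib": { "resolved": "packages/shared-lib", "link": true },
    "packages/shared-lib": { "name": "shared-lib", "version": "1.0.0" }
  }
}`;

// Constructed response in querybatch shape (a live answer would carry the GHSA id, with the
// CVE among its aliases); one hit for the first query, nothing for the other three.
const SAMPLE_RESPONSE: OsvBatchResponse = {
  results: [
    { vulns: [{ id: "CVE-2021-23337", modified: "2021-05-01T00:00:00Z" }] },
    {},
    {},
    {},
  ],
};

// End-to-end over the samples; in production the queries are POSTed to
// https://api.osv.dev/v1/querybatch as {"queries": [...]}.
function demo(): Record<string, string[]> {
  const lock = JSON.parse(SAMPLE_LOCKFILE) as Lockfile;
  return matchResults(lockfileToQueries(lock), SAMPLE_RESPONSE);
}
```

`demo()` returns one finding, `lodash@4.17.20` with `CVE-2021-23337`, from four queries: the nested copy of lodash collapses into the same query, and the workspace link and its source directory are never sent to OSV.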
Trivy · Live now

Filesystem vulns, leaked secrets, and IaC misconfig in the same review.

  • Hardcoded secrets & credentials
  • Vulnerable OS / language packages
  • Terraform & Dockerfile misconfig
Container · Live · async

Docker image CVE scans when a PR changes a Dockerfile—queued in the background so reviews never wait on image build.

  • Image build + CVE scan without blocking your review
  • Follow-up PR comment with severity-grouped CVEs
  • Available on Pro+ plans

How it works

Stays in GitHub. You stay in flow.

One pipeline from push to protected merge—AI review, security scans, and PR commands inline on your diff. Install once; no separate dashboard.

4 tabs · context switching

Review portal · SSO login · Email digest · Status page

Sign in required

Leave GitHub to view findings in an external dashboard.

Context lost · extra clicks · slower merges

PR commands

Drive follow-ups from the same thread

After the review lands, reply with commands—no context switch to another tool.

@mergeguards fix · All plans

Reply on an inline finding to generate a patch and commit it to the PR.

@mergeguard-followup · Paid

Re-run AI review on the current PR after new commits or discussion.

@mergeguards deep-scan · Paid

Deeper pass for security and architectural risk—ideal before merging large changes.

Read the full pipeline → · Security & scanners →

Powered by

  • OpenAI
  • Anthropic
  • GitHub
  • GitLab
  • Railway

Customer stories

Why teams prefer MergeGuard

David · Pro · Backend engineer

Caught a race condition before merge

It flagged a subtle async bug on a PR I was about to approve—the kind of thing we used to find in staging. Happy we have it on every pull request now.

Self-serve setup

Get your first review in minutes

No scheduled demo—we walk you through install with short videos and docs. Most teams are live on their first pull request the same day.

  1. Connect GitHub or GitLab

     Sign in with the provider that owns your repos—no MergeGuard password.

     Connect account

  2. Install or link repos

     GitHub App install or pick GitLab projects from your dashboard.

     Setup guides

  3. Open a PR or MR

     Your first AI review usually lands within a minute on the diff.

     How it works

Prefer GitLab? GitLab walkthrough

Free tier · 20 reviews/month

Your next PR reviewed in minutes

Install the GitHub App or connect GitLab—review and scans on every PR or MR.

See pricing · Product demos · FAQ · Security