Vidoc posts security findings directly to your GitHub pull requests, helping developers catch issues before merging.

Comment Types

Inline Comments

Posted on specific lines of code where issues are found:
  • Shows vulnerability type and severity
  • Links to full issue details in Vidoc
  • Appears in the PR’s “Files changed” view

Summary Comment

A single comment summarizing all findings:
  • Lists all issues found in the PR
  • Groups by severity
  • Posted once per scan

Enabling PR Comments

  1. Connect GitHub if not already connected
  2. Go to Settings → Integrations → GitHub
  3. Enable “Post PR Comments”
  4. Configure comment preferences

Configuration Options

| Setting | Description | Default |
|---------|-------------|---------|
| Inline comments | Comment on specific code lines | Enabled |
| Summary comment | Post summary of all findings | Enabled |
| Minimum severity | Only comment on issues at or above this level | Low |
| Comment on re-scan | Update comments when PR is re-scanned | Enabled |

Minimum Severity

Control noise by setting a minimum severity for PR comments:
  • Critical only - Only comment on critical issues
  • High and above - Critical + High
  • Medium and above - Critical + High + Medium
  • Low and above - All except Informative
  • All - Include informative issues
Start with “Medium and above” and adjust based on your team’s preferences.

Comment Format

Inline Comment Example

🔴 **Critical: SQL Injection**

User input flows directly into SQL query without sanitization.

**Remediation:** Use parameterized queries or an ORM.

[View in Vidoc →](https://app.vidocsecurity.com/...)

Summary Comment Example

## Vidoc Security Scan Results

Found **3 issues** in this pull request:

| Severity | Issue | File |
|----------|-------|------|
| 🔴 Critical | SQL Injection | src/db.js:45 |
| 🟠 High | XSS | src/render.js:12 |
| 🟡 Medium | Open Redirect | src/auth.js:78 |

[View full report →](https://app.vidocsecurity.com/...)

Managing Comments

Resolve Comments

When you fix an issue:
  1. Push the fix to the PR
  2. Vidoc re-scans automatically (if auto-scan is enabled)
  3. Resolved issues are marked as such in comments

Hide Comments

To hide Vidoc comments from a PR:
  1. On GitHub, click the “…” menu on the comment
  2. Select “Hide” → “Resolved”
This doesn’t affect the issue status in Vidoc.

PR Check Status

Vidoc can also report as a GitHub Check:
  1. Go to Settings → Integrations → GitHub
  2. Enable “Report as Check”
  3. PRs show Vidoc status in the checks section

Check Status Logic

| Result | Status |
|--------|--------|
| No issues | ✅ Passed |
| Issues below threshold | ✅ Passed (with annotations) |
| Issues at/above threshold | ❌ Failed |

Configure the failure threshold in GitHub integration settings.
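The Minimum Severity options, the two comment layouts shown under Comment Format, and the Check Status Logic table above all reduce to a few rules over a list of findings. The following Python script is an added illustration of those rules, not Vidoc's own code: the severity names, option labels and comment layouts are taken from this page, while the `Finding` type, the function names, the icons for Low and Informative, and the sample findings (the three from the summary example plus one constructed Low finding) are assumptions made for the example.

```python
"""Model of the PR-comment filtering, comment rendering and check-status
rules described on this page.  Added illustration, not Vidoc's code: the
severity names and comment layouts follow the page; the Finding type, the
function names, the icons for Low/Informative and the sample findings are
assumptions made for the example."""

from dataclasses import dataclass

# Severity order implied by the Minimum Severity options on the page.
SEVERITY_RANK = {"Informative": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Icons for Critical/High/Medium are the ones shown in the page's summary
# example; the Low and Informative icons are assumed for this illustration.
SEVERITY_ICON = {"Critical": "🔴", "High": "🟠", "Medium": "🟡",
                 "Low": "🔵", "Informative": "⚪"}

# The page's Minimum Severity options mapped to the lowest level they include.
MINIMUM_SEVERITY_OPTIONS = {
    "Critical only": "Critical",
    "High and above": "High",
    "Medium and above": "Medium",
    "Low and above": "Low",
    "All": "Informative",
}


@dataclass(frozen=True)
class Finding:
    severity: str
    title: str
    path: str
    line: int
    description: str = ""
    remediation: str = ""
    resolved: bool = False


def at_or_above(finding: Finding, minimum: str) -> bool:
    """The page's rule: comment only on issues at or above the minimum level."""
    return SEVERITY_RANK[finding.severity] >= SEVERITY_RANK[minimum]


def comment_worthy(findings, option):
    """Unresolved findings that pass the chosen Minimum Severity option."""
    minimum = MINIMUM_SEVERITY_OPTIONS[option]
    return [f for f in findings if not f.resolved and at_or_above(f, minimum)]


def inline_comment(f: Finding, issue_url="https://app.vidocsecurity.com/...") -> str:
    """Inline comment in the layout of the page's Inline Comment Example."""
    return "\n".join([
        f"{SEVERITY_ICON[f.severity]} **{f.severity}: {f.title}**", "",
        f.description, "",
        f"**Remediation:** {f.remediation}", "",
        f"[View in Vidoc →]({issue_url})",
    ])


def summary_comment(findings, option, report_url="https://app.vidocsecurity.com/...") -> str:
    """Summary comment in the layout of the page's Summary Comment Example,
    grouped (sorted) by severity, highest first."""
    shown = sorted(comment_worthy(findings, option),
                   key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    lines = [
        "## Vidoc Security Scan Results", "",
        f"Found **{len(shown)} issues** in this pull request:", "",
        "| Severity | Issue | File |",
        "|----------|-------|------|",
    ]
    lines += [f"| {SEVERITY_ICON[f.severity]} {f.severity} | {f.title} | {f.path}:{f.line} |"
              for f in shown]
    lines += ["", f"[View full report →]({report_url})"]
    return "\n".join(lines)


def check_status(findings, fail_threshold: str) -> str:
    """Check Status Logic table: no open issues -> passed; open issues only
    below the failure threshold -> passed with annotations; any at or above
    the threshold -> failed.  Resolved findings no longer count."""
    open_issues = [f for f in findings if not f.resolved]
    if not open_issues:
        return "passed"
    if any(at_or_above(f, fail_threshold) for f in open_issues):
        return "failed"
    return "passed_with_annotations"


# Constructed sample: the three findings from the page's summary example plus
# one Low finding added to show the minimum-severity filter dropping it.
SAMPLE_FINDINGS = [
    Finding("Critical", "SQL Injection", "src/db.js", 45,
            "User input flows directly into SQL query without sanitization.",
            "Use parameterized queries or an ORM."),
    Finding("High", "XSS", "src/render.js", 12),
    Finding("Medium", "Open Redirect", "src/auth.js", 78),
    Finding("Low", "Verbose error message", "src/errors.js", 9),
]

if __name__ == "__main__":
    print(summary_comment(SAMPLE_FINDINGS, "Medium and above"))
    print(inline_comment(SAMPLE_FINDINGS[0]))
    print("check:", check_status(SAMPLE_FINDINGS, "High"))
```

Running the script with the sample list and the page's recommended "Medium and above" option reproduces the three-row summary table from the Comment Format section and drops the constructed Low finding; with a failure threshold of High the check reports failed, while a list containing only the Low finding reports passed with annotations, matching the Check Status Logic table.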

Disabling PR Comments

  1. Go to Settings → Integrations → GitHub
  2. Disable “Post PR Comments”
Or disable per-repository in repository settings.