# Code Review

Typo’s built-in automated code reviews help you ship clean, secure, and high-quality code—faster. It scans your codebase and pull requests to identify potential issues, recommends improvements, and even auto-generates safe fixes before merging into the master branch.

With intelligent suggestions and hotspot detection, Typo ensures every merge is smoother and more reliable.

Read more about configuring Code health [here](https://typo.gitbook.io/typo-help-docs/configurations/code-health).

<div align="left"><figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FeF4Cjzhl1gW3nr1ULHNl%2FScreenshot%202025-06-10%20at%2012.23.43%E2%80%AFAM.png?alt=media&#x26;token=c3511a07-9e44-40fb-b16f-6369c9e2f37e" alt=""><figcaption></figcaption></figure></div>

## AI-Based Code Review

Typo leverages Artificial Intelligence to provide automated code analysis directly within your development workflow. As soon as a Pull Request (PR) is created, our system automatically analyzes the code changes to identify potential issues, such as bugs, vulnerabilities, or deviations from best practices. The findings are then immediately posted as a clear and concise comment on the PR, ensuring developers receive contextual feedback without having to leave their version control system.

<div align="left"><figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FD2qlqmwcZVzizsEvOejh%2FScreenshot%202025-06-10%20at%2012.43.18%E2%80%AFAM.png?alt=media&#x26;token=eb411933-2d71-45ad-90ca-2b0f48163cb8" alt=""><figcaption></figcaption></figure></div>

Each issue highlighted in the report is accompanied by an AI-generated suggestion for a fix. This allows you to not only understand the problem but also see a direct solution. If you agree with the recommendation, you can apply the change and commit the suggested fix directly from the PR comment with a single click, significantly speeding up the code review and remediation process.

## **Static Code Review**

Typo automatically analyzes pull requests to detect security vulnerabilities, insecure coding patterns, and performance issues using a configurable rule engine.

The automatic code review helps you save time, streamline the review process, and improve code quality, making your team more productive.

All issues detected are categorized into five key areas:

* [**OWASP Top 10**](https://typo.gitbook.io/typo-help-docs/engineering-metrics/code-quality-metrics/owasp-top-10)
* [**Security**](https://typo.gitbook.io/typo-help-docs/engineering-metrics/code-quality-metrics/security)
* [**Vulnerabilities**](https://typo.gitbook.io/typo-help-docs/engineering-metrics/code-quality-metrics/vulnerability)
* [**Performance**](https://typo.gitbook.io/typo-help-docs/engineering-metrics/code-quality-metrics/performance)
* [**Code Smell**](https://typo.gitbook.io/typo-help-docs/engineering-metrics/code-quality-metrics/code-smell)

These rule-based checks can be fully customized from **Settings > Code health > Rules**.\
You can also enable alerts for specific rules to stay informed about critical issues in real time.

<figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FvCgMTUkdccX778PAK6k3%2FScreenshot%202025-06-10%20at%2012.24.30%E2%80%AFAM.png?alt=media&#x26;token=ea830058-d3f6-4fa6-a0ee-10e3e3852484" alt=""><figcaption></figcaption></figure>

Typo intelligently understands the context of your code to identify and fix issues with high accuracy. It helps you maintain clean, consistent, and secure code—reducing the risk of security breaches and improving long-term maintainability.

For each issue, Typo provides:

* A clear description of the problem
* An explanation of the bad practice
* A recommended good practice to follow

This guidance ensures developers not only fix issues but also learn from them.

<div align="left"><figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FRE4TgQc2yTJS2AGhTQBk%2FScreenshot%202025-06-10%20at%2012.28.09%E2%80%AFAM.png?alt=media&#x26;token=8a0d3835-30ed-49d3-8f60-a9ec947b61ce" alt=""><figcaption></figcaption></figure></div>

### **Real-time PR reviews**

Typo automatically analyzes every pull request as soon as it’s raised, identifying issues and posting a detailed report directly as a comment on the PR. This ensures developers receive instant, actionable feedback without disrupting their workflow.

<figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FLPPZGPyKNSukWjxdzfwx%2FScreenshot%202025-06-10%20at%2012.35.43%E2%80%AFAM.png?alt=media&#x26;token=c6fb8057-f186-4b7d-b87f-f5b0614f2801" alt=""><figcaption></figcaption></figure>

When a developer creates a pull request, Typo automatically initiates the analysis process using your configured rule set. It evaluates the code and posts a comment on the PR summarizing all detected issues, organized into clear categories for quick review. Clicking on the report takes you to a detailed view in Typo, where each issue is explained with a brief description, an example of the problematic code (Bad Practice), and a recommended fix (Good Practice). All issues are grouped into five key categories: OWASP Top 10, Security, Vulnerability, Performance, and Code Smell.

<figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2Fk0re41KiSom85idDdTtl%2FScreenshot%202025-06-10%20at%2012.33.44%E2%80%AFAM.png?alt=media&#x26;token=215c3556-f198-455f-8a91-54d45b4b50c5" alt=""><figcaption></figcaption></figure>

This integration enables developers to resolve issues faster, improve code quality, and significantly cut down on review and remediation time.

#### **Supported Languages**

* C#
* CSS
* CloudFormation
* Docker
* Flex
* Go
* HTML
* Java
* JavaScript
* Kotlin
* Kubernetes
* PHP
* Python
* Ruby
* Scala
* Secrets
* Terraform
* Text
* TypeScript
* VB.NET
* XML

### **AI Automated Code Fixes**

Typo automatically suggests safe, functionally equivalent code changes for specific detected issues, helping you resolve problems faster and with confidence. Powered by AI, it streamlines your pull request process by quickly identifying and fixing issues, so you can push clean code in a single click, without the stress.

<div align="left"><figure><img src="https://813988662-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FeCZyG1kSmV84geZ9Ws6s%2Fuploads%2FhoY57DYpR1OCchboMAIC%2FScreenshot%202024-09-03%20at%208.41.18%E2%80%AFPM.png?alt=media&#x26;token=b98fc305-e13d-4060-98e7-46dba8aa4ed5" alt=""><figcaption></figcaption></figure></div>


