Scrutin — AI Code Review
Scrutin automatically reviews your Pull Requests using AI and static analysis, posting 3-5 actionable comments directly on your code — catching bugs, security issues, secrets, IaC misconfigurations, and code smells before they reach production.
Features
- AI-Powered Analysis — Uses advanced language models to understand your code context and find real issues
- Static Analysis — 12,500+ rules covering security (OWASP/CWE), bugs, and code smells
- Actionable Comments — No noise. Only 3-5 high-value comments per PR
- Auto-Fix Suggestions — 268+ fix patterns with one-click suggestions
- Secret Detection — Catches leaked API keys, tokens, and credentials
- IaC Security — Terraform, Dockerfile, Kubernetes, CI/CD pipeline analysis
Azure DevOps Integration
- Hub page — Configure and monitor Scrutin directly inside Azure Repos
- PR tab — View Scrutin review results in a dedicated Pull Request tab
- Service Hooks — Automatic webhook setup for PR created/updated/merged events
- Self-hosted support — Works with Azure DevOps Services and Azure DevOps Server
Supported Languages
C#, TypeScript, JavaScript, Python, Java, Go, Rust, PHP, Kotlin, Ruby, C++, Swift, Scala, Apex, OCaml, JSON, Terraform, Dockerfile, CI/CD, Shell, and more — 27 languages with 12,500+ rules via the analysis engine.
How it works
- Install this extension in your Azure DevOps organization
- Open the Scrutin hub in Azure Repos
- Enter your API Key — webhooks are configured automatically for selected projects
- Create a Pull Request — Scrutin reviews it automatically
- Review Scrutin's comments directly in your PR
Setup
1. Get your API Key
Sign up at scrutin.dev and get your organization API key from Settings > Integrations > Azure DevOps.
2. Install the Extension
Install this extension in your Azure DevOps organization. Requires admin permissions.
3. Open the Scrutin Hub
In any project, go to Repos and click the Scrutin tab in the sidebar. Enter your API Key and select the projects you want to monitor.
4. Done!
Create a Pull Request and Scrutin will automatically analyze your code and post comments.
Plans
| Plan | Features | Price |
| --- | --- | --- |
| Community | Full SAST engine (12,500+ rules, 27 languages), secret detection, unlimited repos/analyses/members | Free forever |
| Pro | + AI analysis (BYOK), auto-fix suggestions, PR review comments, Scrutin portal, full IaC, SCA/CVE (35k+ advisories), Azure DevOps | $19/dev/mo ($15 annual) |
| Business | + SSO/SAML/OIDC, quality gates (block merge), custom YAML rules, custom secret patterns, Bitbucket + JIRA, SLA 99.5% | $39/dev/mo ($31 annual) |
| Enterprise | + On-premise, unlimited agents, 24/7 support, SLA 99.9%, custom contracts | Contact us |
Requirements
- Azure DevOps Services or Azure DevOps Server
- Admin permissions to install extensions in the organization
- Scrutin account (scrutin.dev)
Support
MIT — © Scrutin