Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.zenable.io/llms.txt

Use this file to discover all available pages before exploring further.

โ€‹
How to Configure

To manage the reviewer configuration, customer admins can go to the Company Settings page in the Zenable Management Console. All configuration changes are applied immediately to your organization and affect all future code reviews.

โ€‹
Configuration Profiles

Profiles let you maintain multiple independent configurations and assign them to specific repositories. Every tenant starts with a Default profile that applies to all repos unless overridden. Each profile contains a complete, independent set of configuration options. Repos without a profile assignment use the Default configuration. Repos assigned to a profile use that profileโ€™s settings instead.

โ€‹
Assigning Profiles to Repos

On the Integrations page, open a repositoryโ€™s settings (gear icon) and select a profile from the dropdown. Repos with an assigned profile display a colored badge showing the profile name.

โ€‹
Use Cases

  • High-scrutiny repos โ€” enable AI reviews with premium mode, exhaustive context refinement and requirement suggestions, all finding types visible, lower preflight thresholds to catch more
  • Relaxed for prototypes โ€” disable preflight, hide lower-signal finding types like readability and complexity, skip clean PR comments to reduce noise
  • Team-specific defaults โ€” frontend repos get accessibility findings enabled with thorough context refinement; backend repos focus on security and performance with stricter quality filters

โ€‹
Configuration Options

โ€‹
Exclusions

โ€‹
Exclude Files

List of additional filenames or glob patterns to exclude from all Zenable integrations. This field accepts a list (array) of patterns and works like gitignore, including support for negation patterns.
A standard list of lock files will automatically be added to the beginning of your configuration. These exclusions apply everywhere Zenable runs.
Supports:
  • Exact filename matches (e.g., "package-lock.json")
  • Glob patterns (e.g., "**/*.rbi", "foo/**/*.pyc")
  • Negation patterns with ! prefix (e.g., "!keep-this.json")
  • *.log - Skip all log files in any directory
  • **/*.tmp - Skip all .tmp files in any directory (recursive)
  • src/**/*.test.js - Skip all .test.js files under src/ directory
  • docs/*.md - Skip markdown files directly in docs/ directory
  • build/* - Skip all files directly in build/ directory
  • **/node_modules/** - Skip all files in any node_modules directory
  • example.py - Skip files named example.py in any directory
  • **/example.tmp - Skip files named example.tmp in any directory (i.e. the same as example.tmp)
  • /example.py - Skip example.py only in the root directory
Negation patterns start with ! and allow you to include files that would otherwise be skipped. Order matters - the last matching pattern wins.Skip all log files except important.log
  • Add *.log to skip all log files
  • Add !important.log to include important.log
Skip all files in build/ except those in build/keep/
  • Add build/**/* to skip all files in build/
  • Add !build/keep/**/* to include files in build/keep/
Escaping files that literally start with !
To skip files that literally start with ! (fairly rare), escape the exclamation mark with a backslash: \!filename.txt

โ€‹
Exclude Branches

List of branches to skip. You can use python regex to match the branch names. We will check all the patterns in the list, if any pattern match, the PR opened in that branch will be skipped.

โ€‹
Smart Filters

โ€‹
Preflight Checks

Preflight lets you optionally skip reviews based on static analysis findings.
  • enabled: Whether to enable preflight. (default: false)
  • max_changed_lines: Maximum total changed lines allowed before skipping the review. (default: 2500)

โ€‹
PR Quality Filter

PR Quality Filter lets you optionally skip reviews based on the quality of the PR. We measure the PR quality based on analysis of the whole PR and the generated review. We measure multiple dimensions of quality, such as code quality, architecture quality, testing quality, documentation quality, security quality, and maintainability. This generates a final overall quality score for the PR, which is used to determine if the PR review will be sent or not. Skip reviews with quality score below the threshold can be a useful way to skip reviews on pr that are not fully done, and reduce the noise in your PRs.
  • enabled: Whether to enable pr_quality_filter. (default: false)
  • quality_threshold: The minimum quality score required to post a review. Valid values are between 0 and 1. (default: 0.5)

โ€‹
Review Drafts

Controls whether Zenable reviews draft pull requests (GitHub) and merge requests marked as draft / work-in-progress (GitLab).
  • true โ€” draft PRs/MRs are reviewed as soon as they are opened.
  • false โ€” draft PRs/MRs are skipped silently. They will be reviewed automatically when transitioned to โ€œready for reviewโ€.
Setting this to false is useful if your team relies heavily on draft PRs for in-progress work and prefers to only receive Zenable reviews once the author explicitly marks the PR as ready.
  • review_drafts: Whether to review draft PRs/MRs. (default: true)

โ€‹
Reviewer Context and Feedback

โ€‹
Reactions

Configuration section for controlling which reactions are added during reviews. This allows you to enable or disable specific reactions that the reviewer generates.
Taking a Look Reaction
Controls the โ€œeyesโ€ emoji reaction (๐Ÿ‘€) that is added at the start of a review. The reaction is automatically removed once the review is complete. Default: true (๐Ÿ‘€ reaction is added)

โ€‹
Comments

Configuration section for controlling which comments are posted during reviews. This allows you to enable or disable specific informational comments that the reviewer generates.
No Findings Comment
When set to true, posts the โ€œNice work! ๐Ÿ˜Žโ€ comment when no issues are found in the PR. Set to false to disable this comment - when disabled and there are no findings, no review comment will be posted at all. Default: true (comment is posted)
These settings only affect informational comments. Reviews with actual findings or suggestions will always be posted regardless of these settings.

โ€‹
PR/MR Risk Assessment

Surfaces a Zenable-assessed risk level on each PR/MR. The assessment is produced by an LLM that considers the diff together with the review findings, and picks one of four levels along with a short rationale.
LevelIndicatorMeaning
Low๐ŸŸขMinor or well-contained change.
Medium๐ŸŸกReasonable change with some areas to double-check.
High๐ŸŸ Noteworthy impact; review with care before merging.
Critical๐Ÿ”ดHigh likelihood of severe impact (security, data loss, outages, or compliance violations).
When enabled, Zenable appends a small Risk: <emoji> <Level> heading to the review body, followed by a collapsible Risk analysis block with the rationale.
Mode
Controls how the risk assessment is surfaced.
  • off โ€” The risk assessment step is skipped entirely.
  • comment_only โ€” The risk section is included in the review body. No labels are applied to the PR/MR.
  • comment_and_label โ€” The risk section is included in the review body, and a matching label is applied to the PR/MR.
Default: comment_and_label
Labels (comment_and_label only)
When comment_and_label is selected, Zenable ensures the following four labels exist in the repository/project and applies the one matching the assessed level. The risk labels are mutually exclusive: if a previous review assigned a different level (for example high) and the code has since improved, the stale label is removed before the new one is applied.
  • zenable/risk:low
  • zenable/risk:medium
  • zenable/risk:high
  • zenable/risk:critical

โ€‹
Finding Types

Each review comment is classified into one of the following labels. All are shown by default โ€” deselect a type to hide comments with that label.
  • Bug โ€” Incorrect behavior, logic errors, or broken functionality
  • Readability โ€” Hard-to-follow code structure, unclear naming, or poor formatting
  • Performance โ€” Inefficient algorithms, unnecessary allocations, or scalability concerns
  • Complexity โ€” Overly complicated logic that could be simplified
  • Security โ€” Vulnerabilities, unsafe patterns, or missing input validation
  • Inconsistency โ€” Contradicts existing patterns, conventions, or nearby code
  • Accessibility โ€” Missing or incorrect accessibility support (ARIA, keyboard nav, color contrast)
  • Mistake โ€” Typos, copy-paste errors, or accidental omissions
  • Other โ€” Issues that donโ€™t fit the above categories
Default: All types visible. Deselect a type to suppress comments with that label.

โ€‹
Default Configuration

โ€‹
Preflight

  • enabled: true
  • max_changed_lines: 2500

โ€‹
PR Quality Filter

  • enabled: true
  • quality_threshold: 0.5

โ€‹
Review Drafts

  • review_drafts: true

โ€‹
PR/MR Risk Assessment

  • mode: comment_and_label

โ€‹
Files Excluded by Default

The following files are automatically excluded by default across all Zenable integrations: 
conda-lock.yml
bun.lock
go.mod
requirements.txt
uv.lock
.terraform.lock.hcl
Gemfile.lock
package-lock.json
pnpm-lock.yaml
yarn.lock
composer.lock
poetry.lock
pdm.lock
Cargo.lock
go.sum
Package.resolved
Podfile.lock
mix.lock
*.ico
*.jpeg
*.jpg
*.png
*.svg
By default, no branches are skipped.

โ€‹
Troubleshooting

If youโ€™re having issues with the GitHub or GitLab reviewers, try the following:
  • Verify your configuration in Company Settings โ†’ Configurations is correct.
  • The skip_branches option uses python regex to match the branch names. Ensure your regex patterns are valid.
  • If any of these solutions donโ€™t work, contact our support team at support@zenable.io.