It started with a real incident. An engineer at a fast-moving SaaS team pushed a routine refactor — cleaned up some middleware, reorganized a few route handlers. The PR looked fine: no test failures, no lint errors, clean diff. It merged on a Friday afternoon.

By Monday, the admin export endpoint was publicly accessible with no authentication. Not because anyone intended it — the auth guard was quietly dropped during the refactor and nobody noticed because the existing tooling only looks at code quality, not security posture or user impact.

"The tools were checking whether the code was clean. Nobody was checking whether the door was locked — or whether it led to a room with 80,000 people in it." We kept asking: why does every PR reviewer know about test coverage and linting, but nothing about which real users will be affected, or whether an auth guard just silently disappeared? Pendo already knows who uses which flows. Novus already maps every route in the codebase. The signal existed — it just wasn't connected to the moment that mattered most: the pull request.

Zero configuration to install. Because Novus auto-instruments from the codebase and Pendo is already tracking users, there is nothing for the engineer to configure. Install the GitHub App, add three env vars, and the first annotated PR appears within 15 seconds of the next push.

The comment degrades gracefully. When Pendo has no data for a route (internal API, newly created endpoint), the comment shows "no Pendo data" rather than hiding the row. When Novus is unavailable, security analysis falls back to local diff parsing. The comment always renders — it just gets richer as more signal is available.
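As an added illustration, not the project's own code, here is a minimal version of the local-diff fallback described above: it flags a route whose auth guard line was removed in the diff and renders the comment row, printing "no Pendo data" when no usage record exists for that route. The sample diff, the guard names and the usage map are constructed for the example.

```python
import re
from typing import Optional

# Constructed sample diff: a refactor that drops the auth guard from an admin route.
SAMPLE_DIFF = """\
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -10,4 +10,3 @@
 router.get('/admin/export',
-  requireAuth,
   exportHandler);
 router.get('/health', healthHandler);
"""

# Constructed usage data standing in for what Pendo would report (route -> active users).
SAMPLE_USAGE = {"/admin/export": 80000}

ROUTE_RE = re.compile(r"router\.(get|post|put|delete)\('([^']+)'")
GUARD_RE = re.compile(r"\b(requireAuth|authenticate|isAuthenticated)\b")  # hypothetical guard names

def find_dropped_guards(diff: str) -> list[str]:
    """Return routes whose auth guard was removed and not re-added under the same route.

    Guards are expected on their own line after the route declaration (as in the sample);
    a guard written on the same line as router.get(...) is not examined.
    """
    current_route: Optional[str] = None
    removed: dict[str, set] = {}
    added: dict[str, set] = {}
    for line in diff.splitlines():
        if line.startswith(("---", "+++", "@@")):
            continue
        tag, body = line[:1], line[1:]
        m = ROUTE_RE.search(body)
        if m:
            # A removed route declaration means later guard lines belong to a deleted route.
            current_route = m.group(2) if tag != "-" else None
            continue
        g = GUARD_RE.search(body)
        if g and current_route and tag in "+-":
            bucket = removed if tag == "-" else added
            bucket.setdefault(current_route, set()).add(g.group(1))
    return sorted(r for r, gs in removed.items() if gs - added.get(r, set()))

def render_rows(dropped: list[str], usage: Optional[dict]) -> list[str]:
    """One markdown table row per finding; usage=None means the usage source is unavailable."""
    rows = []
    for route in dropped:
        impact = f"{usage[route]:,} users" if usage and route in usage else "no Pendo data"
        rows.append(f"| {route} | auth guard removed | {impact} |")
    return rows
```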
