PR Reviews are Mjolnir security reviews that run on your pull requests. They give you fast, targeted feedback during code review — before vulnerabilities are merged — rather than waiting for a full pentest run after deployment. Open the PR Reviews page from Pentests > Mjolnir > PR Reviews in the sidebar.
PR Reviews require a connected GitHub integration and an active Mjolnir configuration. Enable PR Reviews from the Mjolnir Configuration page.

How it works

When a pull request is opened (or pushed to, depending on your trigger mode), Mjolnir:
  1. Receives the PR diff and metadata from GitHub
  2. Reviews the changed code against the rest of your repository
  3. Surfaces any new security issues introduced by the change
  4. Posts the results back to GitHub as a Check run
  5. Optionally fails the check if findings meet your blocking severity threshold
Mjolnir’s review is targeted at the diff. It analyses the specific code that’s changing in the context of your codebase, so it can catch issues that only appear when the new code interacts with existing logic.

Configuration

Mjolnir PR review settings are managed on the Mjolnir Configuration page. From there you can:
  • Enable PR Review: turn the GitHub Check on or off
  • Trigger mode: review on PR open only, or on every push
  • Blocking severity threshold: fail the GitHub Check on Critical only, High and above, Medium and above, or never
  • Auto-suppression: when the same finding pattern is dismissed across multiple PRs, automatically create a suppression rule so it stops being raised
  • Auto-suppression threshold: how many distinct PRs must dismiss a pattern before auto-suppression kicks in

The PR Reviews list

The list view shows every PR review across your repositories.
  • Filter by repository or status (Queued, Running, Completed, Failed)
  • Sort by date or by number of open suggestions
  • Click any review to open its detail page
Each row shows the PR title, author, repository, status, open suggestion count, and how long the review took.

Review detail

The detail view shows everything Mjolnir found:
  • PR summary: title, author, repository, head SHA, links back to GitHub and the GitHub Check run
  • Diff stats: files changed, lines added/removed
  • Suggestions: each issue Mjolnir raised, grouped by file, with severity and a suggested code fix
  • Status bar: counts of open, accepted, and ignored suggestions
  • Mjolnir summary: a high-level write-up of what Mjolnir saw in this PR

Accepting or ignoring a suggestion

For each suggestion, your team can:
  • Accept the suggested fix to apply it back to the PR via a GitHub commit suggestion
  • Ignore the suggestion if it doesn’t apply (the equivalent of “won’t fix”)
Ignoring suggestions feeds the auto-suppression system: if the same pattern is ignored across multiple PRs above your configured threshold, Mjolnir creates a suppression rule automatically so it stops being raised on future PRs.

Triggering a review manually

If you want to ask Mjolnir to review a specific PR that wasn’t auto-reviewed (or to re-review a PR after changes), there are two ways to do it:
  • From GitHub: when the Mjolnir GitHub App is installed, a “Run Mjolnir Review” button is available on the PR
  • Direct link: visit /pentest/mjolnir/pr-reviews/trigger?repo=owner/repo&pr=123 in Odin (this is the URL the GitHub button calls)
The trigger queues the review and redirects you to the detail page once it’s ready.

Trigger modes

Mode | Behaviour
Review on PR open only | Automatically reviews when a PR is first opened. Use the “Run Mjolnir Review” button on subsequent commits. Best for keeping costs down.
Review on every push | Automatically reviews on every push. If multiple commits arrive rapidly, only the latest is reviewed. Best for continuous feedback.

Suppression Rules

Manage patterns Mjolnir should not raise in PRs