GitHub and Claude Integration: PRs, Issues, and Automated Code Review
By Learnia Team
Last updated: March 10, 2026. Based on the official GitHub integration and Claude Code.
Why Integrate Claude with GitHub?
Code review is essential but time-consuming. In a team of 8 developers, code review consumes 3 to 5 hours per day combined. And despite the effort, many bugs slip through.
Claude solves this by automating the first review pass:
- Bug detection: Claude identifies logic errors, missed edge cases, and regressions
- Security: Claude spots vulnerabilities (SQL injection, XSS, secret handling)
- Performance: Claude detects N+1 queries, memory leaks, and algorithmic complexity
- Conventions: Claude checks compliance with project standards
- Documentation: Claude generates PR descriptions and commit messages
The 3 Integration Modes
Mode 1: Direct GitHub Integration
Anthropic's official integration for GitHub. Claude is added as an automatic reviewer on PRs.
Setup:
- GitHub Marketplace → "Claude by Anthropic" → Install
- Select your repos
- Configure review rules in `.claude/review.yml`
Configuration file .claude/review.yml:
```yaml
review:
  auto_review: true
  triggers:
    - pull_request.opened
    - pull_request.synchronize
  focus:
    - security
    - performance
    - bugs
    - conventions
  ignore:
    - "*.md"
    - "*.lock"
    - "test/fixtures/**"
  language: "en" # Comments in English
  severity_threshold: "warning" # minimum: info, warning, error
```
Mode 2: GitHub Actions with Claude
Integrate Claude into your CI/CD pipeline via GitHub Actions.
Workflow .github/workflows/claude-review.yml:
```yaml
name: Claude Code Review
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get changed files
        id: changed
        run: |
          echo "files=$(git diff --name-only origin/main...HEAD | tr '\n' ' ')" >> $GITHUB_OUTPUT
      - name: Claude Review
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          model: "claude-sonnet-4-20250514"
          prompt: |
            Review the following code changes for:
            1. Bugs and logical errors
            2. Security vulnerabilities
            3. Performance issues
            4. Code style and conventions
            Files changed: ${{ steps.changed.outputs.files }}
            Provide feedback as GitHub PR comments.
```
Mode 3: MCP Server GitHub
The GitHub MCP server enables Claude to interact directly with the GitHub API.
Installation:
In your Claude Desktop or Claude Code configuration:
```json
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxxxxxxxxxxx"
      }
    }
  }
}
```
What the MCP Server enables:
| Action | Claude Command |
|---|---|
| List open PRs | "Show me the open PRs on this repo" |
| Read PR code | "Analyze the changes in PR #42" |
| Comment on a PR | "Add a comment on line 15 of index.ts" |
| Create an issue | "Create an issue to track this bug" |
| List issues | "Which issues are assigned to @alice?" |
| Merge a PR | "Merge PR #42 as squash" |
Automated Code Review
What Claude Analyzes
| Category | Detection Examples | Severity |
|---|---|---|
| Bugs | Null pointer, off-by-one, race condition | 🔴 Error |
| Security | SQL injection, XSS, hardcoded secrets, path traversal | 🔴 Error |
| Performance | N+1 queries, O(n²) loops, memory leaks | 🟡 Warning |
| Conventions | Naming, formatting, file structure | 🔵 Info |
| Tests | Missing tests, insufficient coverage, flaky tests | 🟡 Warning |
| Documentation | Missing JSDoc, outdated README, unchanged changelog | 🔵 Info |
Example Claude Review
For a PR that adds an API route:
## Claude Code Review: PR #142
### 🔴 Critical Bug (line 23)
The function `getUserById` doesn't handle the case where the user doesn't exist.
`user` can be `null`, causing a `Cannot read property 'email' of null` error.
**Suggestion:**
```typescript
const user = await getUserById(id);
if (!user) {
  return res.status(404).json({ error: 'User not found' });
}
```
### 🔴 Security (line 31)
The `id` parameter is not validated. An attacker could send
a value like `1 OR 1=1` if you're using SQL concatenation.
**Suggestion:** Use a typed parameter or an ORM.
### 🟡 Performance (line 45)
The `findAll()` query returns all records without pagination.
For a table with 100k+ rows, this will cause a timeout.
**Suggestion:** Add `limit` and `offset` or use cursor-based pagination.
### 🔵 Convention (line 12)
The route name `/getUser` uses a verb. Per the project's REST conventions,
prefer `/users/:id` with the `GET` method.
**Summary:** 2 critical errors, 1 warning, 1 info. Please fix the critical errors before merging.
Automated Issue Triage
Claude can sort, classify, and assign issues automatically.
Triage Configuration
```yaml
# .claude/triage.yml
triage:
  auto_label: true
  labels:
    - name: "bug"
      condition: "issue describes unexpected behavior or error"
    - name: "feature"
      condition: "issue requests new functionality"
    - name: "documentation"
      condition: "issue relates to docs improvements"
    - name: "security"
      condition: "issue describes a security vulnerability"
      priority: "high"
  auto_assign:
    - pattern: "frontend/**"
      team: "frontend-team"
    - pattern: "api/**"
      team: "backend-team"
    - pattern: "infra/**"
      team: "devops-team"
  auto_respond: true
  response_template: |
    Thanks for this issue!
    **Classification**: {label}
    **Priority**: {priority}
    **Assigned team**: {team}
    A team member will respond within 48 hours.
```
Example Automatic Triage
Issue created by a user:
"The login page shows a blank screen on Safari when I submit the form. Console shows 'Uncaught TypeError: Cannot read properties of undefined'."
Claude analyzes and applies:
- Label: `bug`, `browser-compatibility`
- Priority: High (critical feature + JavaScript error)
- Assignment: `@frontend-team`
- Comment: Probable issue description (API incompatibility) + links to relevant files
Commit Message Generation
Claude generates descriptive commit messages that follow conventions.
Conventional Commits Convention
```
feat(auth): add OAuth2 Google login flow

- Implement Google OAuth2 authorization code flow
- Add callback route handler with token exchange
- Store refresh tokens in encrypted session
- Add unit tests for token validation

Closes #127
```
Generation Prompt
```
@Claude generate a commit message for these changes:
[diff or description of changes]
Convention: Conventional Commits
Format: type(scope): short description
Body: list of main changes
Footer: related issues
```
Advanced GitHub Actions with Claude
Action: Auto PR Description
```yaml
name: Auto PR Description
on:
  pull_request:
    types: [opened]
jobs:
  describe:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate PR Description
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Generate a comprehensive PR description for these changes.
            Include: summary, changes list, testing notes, screenshots needed.
          update_pr_description: true
```
Action: Issue Resolution
```yaml
name: Auto Fix Issues
on:
  issues:
    types: [labeled]
jobs:
  fix:
    if: contains(github.event.label.name, 'claude-fix')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Claude Fix
        uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          prompt: |
            Read issue #${{ github.event.issue.number }}.
            Analyze the codebase, implement the fix, and create a PR.
          create_pr: true
          pr_title: "fix: resolve #${{ github.event.issue.number }}"
```
Best Practices
For Reviews
- Configure ignored files: exclude generated files (lock files, builds)
- Adjust the severity threshold: start with "error" only, then expand
- Customize conventions: add a `CLAUDE.md` at the repo root with your standards
- Review the reviews: initially, verify that Claude's comments are relevant
For Triage
- Start simple: 3-4 labels only at first
- Add context: the more detailed the issue, the better the triage
- Feedback loop: correct misclassifications to improve rules
For Actions
- Limit permissions: give Claude only the necessary rights
- Use secrets: never hardcode API keys
- Test on a sandbox repo before deploying to production
- Set guardrails: Claude should not merge to main on its own
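A pre-merge check for two of the points above (limited permissions, no hardcoded keys), run over workflow text. This is an added example, not code from the article or from Anthropic: `audit_workflow`, the finding strings and both sample workflows are constructed here, and the check is line-based rather than a full YAML parse.

```python
import re

# Well-known prefixes: GitHub classic PAT (ghp_) and Anthropic API key (sk-ant-).
TOKEN_LITERAL = re.compile(r"ghp_[A-Za-z0-9]{36}|sk-ant-[A-Za-z0-9_-]{20,}")
KEY_INPUT = re.compile(r"^\s*anthropic_api_key\s*:\s*(.+?)\s*$")
SECRETS_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")
PERMISSIONS = re.compile(r"^\s*permissions\s*:\s*(\S*)")


def audit_workflow(text):
    """Return sorted (line_no, finding) pairs; line 0 is a file-level finding."""
    findings, has_permissions = [], False
    for no, line in enumerate(text.splitlines(), 1):
        perms = PERMISSIONS.match(line)
        if perms:
            has_permissions = True
            if perms.group(1) == "write-all":
                findings.append((no, "write-all permissions"))
        key = KEY_INPUT.match(line)
        if key and not SECRETS_REF.match(key.group(1).strip("'\"")):
            findings.append((no, "API key not read from secrets"))
        elif TOKEN_LITERAL.search(line):
            findings.append((no, "token literal in file"))
    if not has_permissions:
        findings.append((0, "no permissions block"))
    return sorted(findings)


FAKE_KEY = "sk-ant-" + "0" * 24  # constructed placeholder, not a real key

# Constructed sample: no permissions block, API key pasted inline.
WEAK = f"""\
on:
  pull_request:
    types: [opened, synchronize]
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: anthropics/claude-code-action@v1
        with:
          anthropic_api_key: "{FAKE_KEY}"
"""

# Hardened variant: explicit least-privilege scopes and a secrets reference.
HARDENED = WEAK.replace(
    "jobs:", "permissions:\n  contents: read\n  pull-requests: write\njobs:"
).replace(f'"{FAKE_KEY}"', "${{ secrets.ANTHROPIC_API_KEY }}")
```

`audit_workflow(WEAK)` reports the missing permissions block and the inline key; `audit_workflow(HARDENED)` returns an empty list. Without a `permissions:` block the job's `GITHUB_TOKEN` gets whatever default the repository or organization sets, which is why the check treats its absence as a finding.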
Comparison: Claude vs. GitHub Alternatives
| Feature | Claude (GitHub) | Copilot PR Review | CodeRabbit | Sourcery |
|---|---|---|---|---|
| Review quality | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
| Security detection | Strong | Basic | Good | Limited |
| Issue triage | โ | โ | โ | โ |
| Auto resolution | โ (via Actions) | โ ๏ธ (Copilot Workspace) | โ | โ |
| MCP Server | โ | โ | โ | โ |
| Comment languages | All | English | English | English |
| Price | Claude Team + API | Copilot Enterprise | $15/mo/repo | $10/mo |
Metrics and ROI
KPIs to Track
| Metric | Before Claude | After Claude | Target |
|---|---|---|---|
| Average review time | 45 min/PR | 12 min/PR | -70% |
| PRs reviewed/day | 4-5 | 12-15 | +200% |
| Bugs detected in review | 2-3/week | 6-8/week | +150% |
| Average triage time | 15 min/issue | 2 min/issue | -85% |
| Bugs in production | Baseline | -40% | โ |
ROI for an 8-Developer Team
Review time saved: 8 devs × 2h/day × 20 days = 320h/month
Average hourly cost: $80
Value: 320 × $80 = $25,600/month
Claude cost: 8 × $30 + ~$200 API = ~$440/month
ROI: ($25,600 - $440) / $440 ≈ 5,700%
Troubleshooting
| Problem | Solution |
|---|---|
| Claude doesn't comment on PR | Check integration permissions in Settings → Integrations |
| Reviews in wrong language | Add language: "en" in .claude/review.yml |
| Frequent false positives | Refine rules in .claude/review.yml and add ignore patterns |
| GitHub Action fails | Check the ANTHROPIC_API_KEY secret and workflow permissions |
| MCP Server won't connect | Check the GitHub token (scopes: repo, read:org) |
Conclusion
The Claude + GitHub integration transforms the development cycle by automating repetitive tasks (review, triage, documentation) while increasing code quality. The combination of AI review + human review catches more bugs, faster, with less effort.
Start with automated PR review: it's the highest-impact quick win for any development team.
FAQ
How do I connect Claude to a GitHub repository?
Go to repo Settings → Integrations → Add the Claude by Anthropic integration. Configure permissions (code read, PR comment write). Claude can also be connected via GitHub Actions or the GitHub MCP server.
Can Claude automatically review Pull Requests?
Yes. Once configured, Claude analyzes each new PR and adds detailed comments: potential bugs, performance issues, security vulnerabilities, refactoring suggestions, and project convention compliance.
Is the Claude GitHub integration free?
The base integration requires a Claude Team or Enterprise plan. Usage via GitHub Actions consumes API credits. The GitHub MCP server is open source and free, but requires Claude API access.
Can Claude write code directly in GitHub?
Claude can suggest code changes in PR comments. With Claude Code and the GitHub Actions integration, it can also create commits, open PRs, and resolve issues automatically.
How does Claude handle source code confidentiality?
On Team and Enterprise plans, analyzed code is not used for training. Claude processes code in memory for the duration of the analysis only. For private repos, only authorized users can trigger analysis.