What makes diffray different from other AI code review tools?

diffray uses multi-agent intelligence instead of single-model AI. Multiple specialized agents work together - Security Agent, Performance Agent, Architecture Agent, and Consistency Agent - each expert in their domain. This coordinated approach reduces false positives by 87% and catches 3x more real bugs.

How long does a code review take with diffray?

diffray provides comprehensive code reviews quickly. The multi-agent system works in parallel to analyze your code efficiently while maintaining thorough analysis.

Is diffray free for open source projects?

Yes, diffray is free forever for open source projects. We support the open source community with full access to our multi-agent code review platform.

Security-First Code Review

AI + Security Tools.
Zero Blind Spots.

diffray combines industry-leading security scanners (TruffleHog, Semgrep) with AI interpretation. Catch leaked secrets and vulnerabilities before they reach production.

Why AI Alone Isn't Enough

AI models are great at reasoning, but specialized tools catch what AI misses

AI-Only

Context awareness

Reasoning about patterns

May miss edge cases

False negatives possible

Tools-Only

Precise detection

Low false negatives

High false positives

No context understanding

AI + Tools (diffray)

Higher detection rates

Lower false positives

Better context

Actionable remediation

Tools detect. AI validates and explains. You get actionable results.

Secrets Detection

TruffleHog Integration

Industry-leading secrets scanner that detects leaked credentials, API keys, and sensitive data before they reach your repository.

What It Detects:

AWS access keys

GitHub tokens

Private keys (RSA, SSH)

Database connections

700+ API key formats

JWT tokens

Cloud credentials

Session secrets

How TruffleHog Works:

Regex Patterns

Matches known credential formats

Entropy Analysis

Detects high-entropy strings that look like secrets

Verification

Attempts to verify if detected secrets are active

AI Enhancement

Validates — confirms it's a real credential, not a false positive
Assesses severity — test key vs production credential
Provides context — where it's used and potential impact
Suggests remediation — how to rotate and secure

What Semgrep Detects:

Injection Vulnerabilities

SQL injection, command injection, XSS

Auth Issues

Hardcoded passwords, weak crypto

Insecure Configs

Debug mode, CORS misconfigurations

Code Quality

Null pointer, resource leaks

30+ Languages Supported:

TypeScriptJavaScriptPythonGoJavaKotlinRubyPHPC/C++RustSwift

Static Analysis

Semgrep Integration

Fast, open-source static analysis that finds bugs and security vulnerabilities using semantic pattern matching. Unlike regex tools, Semgrep understands code structure.

AI Enhancement

Validates relevance — checks if finding applies to your code
Reduces noise — filters false positives based on context
Prioritizes severity — ranks by actual risk
Explains vulnerability — how it could be exploited
Provides fixes — specific code changes

The Security Pipeline

How security tools integrate into every code review

PR Changes Detected

New code is pushed to a pull request

TruffleHog Scans

Secrets scanner checks only new changes

Semgrep Analyzes

Static analysis runs on modified code

AI Receives Context

Tool output + code context sent to AI

AI Validates & Filters

False positives removed, findings enriched

Actionable Report

Clear, prioritized issues with fixes

Differential Scanning

Only analyzes changes in the PR — fast scans, no noise from existing issues

AI Validation

Every finding reviewed by AI — false positives filtered, context added

Unified Reporting

All findings in one organized comment with consistent formatting

Catch Security Issues
Before Production

Leaked secrets and vulnerabilities don't stand a chance. Start securing your code today.

Start Free Trial Read Security Docs

TruffleHog + Semgrep included

No configuration needed

Runs on every PR

AI + Security Tools.Zero Blind Spots.

Why AI Alone Isn't Enough

TruffleHog Integration

What It Detects:

How TruffleHog Works:

AI Enhancement

What Semgrep Detects:

30+ Languages Supported:

Semgrep Integration

AI Enhancement

The Security Pipeline

Differential Scanning

AI Validation

Unified Reporting

Catch Security IssuesBefore Production

AI + Security Tools.
Zero Blind Spots.

Catch Security Issues
Before Production