Build with AI Delhi
AI Community Delhi
Security Code Review

Code Review & Security Analysis

with Gemini CLI and Extensions

Use the Gemini CLI and its extensions to review code and analyze security in your development workflow. Configure the environment, install extensions, and explore how they work.

Security Analysis
Identify vulnerabilities, SQL injection, SSRF, and info leaks.
Code Review
Analyze code quality, naming, and architectural patterns.
AI-Powered
Leverage Gemini AI for truly intelligent code analysis.
Prerequisites:
Windows / macOS / Linux; Gemini API Key; Node.js 20+

Speaker Introduction

Speaker Yatin

Yatin

SDE 2 @ Adda247

Building scalable Android & Cross-Platform solutions for millions of users.

5+ years experience; 10+ projects

Core Specializations

Android SDK, Flutter / Dart, Kotlin, System Design
The Human Interface

Waiting for your Senior Dev to
start the "manual" code review...


"I pushed this PR 3 days ago, Yatin..."

Introduction & Goals

Fundamental concepts of using Gemini CLI in development.

Node 20+, NPM 10+
What You'll Learn
  • Setup & Configure Gemini CLI
  • Install AI-powered Extensions
  • Run Automated Code Reviews
  • Leverage MCP for External Tools
  • CI/CD Pipeline Integration
Quick Install
npm install -g @google/gemini-cli
What is Gemini CLI?

Gemini CLI is an AI-native agent that operates directly from your terminal. It's not just a chat interface; it's equipped with functional tools that can read your codebase, edit files, and search the documentation in real-time.

Interactive Mode: gemini
Non-Interactive: gemini -p "..."
Tool Access: /tools

Local Environment Setup

Get your machine ready for the workshop.

Step 1
Open Terminal/PowerShell and ensure Node.js is installed.
Step 2
Generate a Gemini API Key from Google AI Studio.
Step 3
Clone the repository and install dependencies locally.
# Check Node version
node --version
# Clone the workshop repository
git clone https://github.com/alphinside/gemini-cli-code-analysis-demo.git
# Install global CLI
npm install -g @google/gemini-cli

Setup & Configurations

Initializing the Gemini CLI framework.

1
Initialize CLI
gemini login
  • Select Gemini API (for Personal/Local)
  • Paste your API Key
  • Setup complete!
2
Verify Configuration
gemini config
This will display your active project, location, and authentication method.
Configuration Structure (.json)
{
  "security": {
    "auth": {
      "selectedType": "gemini-api"
    }
  },
  "gemini_api": {
    "key": "your-gemini-api-key"
  }
}
PRO TIP

The config is stored in ~/.gemini/config.json but can be overridden using local .gemini/settings.json files inside projects.

Basic Commands & Tools

Navigate the AI agent environment like a pro.

Slash Commands
/help: Get help on commands
/chat: Manage conversation history
/extensions: Manage installed skills
/mcp: List MCP servers
/tools: Show available tools
/config: Manage configurations
Built-in Tools
file_read / file_edit: Directly analyze or fix files
google_search: Research latest libraries/fixes
shell: Run local shell commands
file_search: Find files across directories
Example Prompts

"What does this project do?"

"Find the most complex function and refactor it for readability."

"Create a unit test for main.py using pytest."

"Check if my database connection is secure."

Extensions Registry

Enabling high-order skills for your agent.

Security Extension
gemini extensions install https://github.com/gemini-cli-extensions/security
Code Review Extension
gemini extensions install https://github.com/gemini-cli-extensions/code-review
Verifying Success

Inside the gemini shell, run:

/extensions list
security ✓ code-review ✓

Interactive Security Analysis

Manual scanning with AI-guided remediation.

GEMINI REPL AI ACTIVE
>>> /security:analyze
Analysis in progress... checking 12 files.
[CRITICAL] Vulnerability Found
Potential SQL Injection at main.py:146. Input is directly concatenated into query string.
>>> How to fix this?
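The finding above is the classic concatenation bug, and the fix the agent would propose is a parameterised query. The following Python is an added example, not code from the workshop repository or from the security extension; the users table and its two rows are constructed here because main.py's real schema is not shown. It runs both the flagged pattern and the corrected one against the same input so the difference is visible.

```python
import sqlite3

# Constructed in-memory stand-in for the application's users table; the page does
# not show main.py's real schema, so this one is an assumption.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn

def find_user_vulnerable(conn, username):
    # The pattern the scanner flagged: untrusted input spliced into the SQL text,
    # so quote characters in the input change the structure of the query.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def find_user_safe(conn, username):
    # The fix: a parameterised query. The SQL text is fixed and the value travels
    # separately, so the driver can only ever compare it as data.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def compare(username):
    """Run both versions on the same input and report how many rows each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(find_user_vulnerable(conn, username)),
            "safe_rows": len(find_user_safe(conn, username)),
        }
    finally:
        conn.close()

if __name__ == "__main__":
    # A legitimate lookup behaves identically in both versions...
    print(compare("alice"))
    # ...but a value carrying a quote and a tautology returns every row from the
    # concatenated version and nothing from the parameterised one.
    print(compare("x' OR '1'='1"))
```

The same shape applies to any DB-API driver: keep the SQL text constant and pass values through the placeholder mechanism, never through string formatting, f-strings or `+`.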
YOLO Mode

"Press CTRL + Y to trigger YOLO mode. This allows the AI to perform destructive operations like mkdir or file_edit WITHOUT asking for permission."

Discovery Tools
  • Path Traversal Checks
  • Credential Leak Scans
  • Insecure Defaults

Non-Interactive Code Review

Integrating AI insights without manual steps.

Step 1: Configuration

Create .gemini/settings.json to allow auto-approval.

{
  "security": {
    "disableYoloMode": false
  }
}
Step 2: Headless Command
gemini -p "activate the code review skill and review changes in current branch, then write result to report.md"
report.md Preview
# Code Review Findings
Security: SQL Injection at main.py:146. Critical risk.
Security: SSRF vulnerability in fetch_url endpoint.
Style: Mix of camelCase and snake_case detected. Suggest standardization.
Exposure: Env variables endpoint exposes sensitive info at main.py:423.
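The SSRF line in the report points at an endpoint that fetches a caller-supplied URL. The usual remediation is to validate the target before any request is made: restrict the scheme, strip userinfo tricks, reject loopback and private address literals, and check the host against an allowlist. The following validator is an added example written for this page, not the workshop repository's fetch_url code; the allowlisted host names and the test URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the hosts fetch_url is meant to reach. The page does not
# show the real ones, so these names are an assumption.
ALLOWED_HOSTS = {"api.example.test", "cdn.example.test"}
ALLOWED_SCHEMES = {"https"}

def _is_internal_literal(host):
    """True when host is an IP literal for loopback, link-local, RFC 1918 or other
    non-routable space. Non-literal host names return False here."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def validate_fetch_target(url):
    """Return (ok, reason). ok is True only for an https URL whose host is on the
    allowlist; every other case carries a reason suitable for a log line."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname  # lowercased, brackets removed, userinfo stripped
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        # "https://trusted@evil" parses with hostname == evil; refuse it outright.
        return False, "userinfo not allowed"
    if _is_internal_literal(host):
        return False, "private address"
    if host not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    return True, "ok"

def fetch_url_guarded(url, do_fetch):
    """Wrapper an endpoint handler would call: validates, then hands the URL to the
    real fetcher (passed in so this example runs offline)."""
    ok, reason = validate_fetch_target(url)
    if not ok:
        return {"status": 400, "error": reason}
    return {"status": 200, "body": do_fetch(url)}

if __name__ == "__main__":
    for candidate in ("https://api.example.test/v1/items",
                      "https://127.0.0.1/", "https://10.0.0.5/admin",
                      "https://api.example.test@evil.example.test/"):
        print(candidate, validate_fetch_target(candidate))
```

Because the allowlist is checked by name, a resolver-level check is still needed if the allowlist ever grows to hosts you do not control: resolve the name, check the resolved address with the same `_is_internal_literal` logic, and connect to that address rather than resolving again, otherwise a DNS answer can change between check and use.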
The Speed Factor

Scanning 1,000 files for Vulnerabilities
in roughly 5.2 seconds...


"I am speed. I am Gemini."

Model Context Protocol

Connecting Gemini to your entire ecosystem.


MCP allows Gemini CLI to interact with GitHub APIs, managing issues, pull requests, and multi-file analysis directly.

MCP Configuration
{
  "mcpServers": {
    "github": {
      "httpUrl": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "Authorization": "your-github-token"
      }
    }
  }
}
Unified Context
Extensible Architecture
Cross-Tool Collaboration
Universal Context

"Gemini 🤝 MCP Correlation"
Wait... It Actually Reviewed Everything?


"When MCP gives Gemini the full picture of your stack."

CI/CD Pipeline Guardrails

Automated AI intelligence for every commit.

Active Pipeline
Source (Git Push / PR) → Gemini Engine (Security & Review) → Feedback (AI Suggestions) → Merge (Verified Code)

Block Insecure Code Automatically
Instant AI Peer Review Context
Zero-day Vulnerability Patching
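"Block insecure code automatically" needs one more piece than the headless command shown earlier: a step that reads the generated report.md and fails the job when it contains security findings. The script below is an added example, not part of Gemini CLI or the code-review extension. It assumes the one-finding-per-line format of the report.md preview on the previous slide (`Category: text`), which the extension's real output may not follow exactly; the blocking policy (any Security or Exposure finding fails the build, Style findings are advisory) is a constructed choice.

```python
import re
import sys

# One finding per line, "Category: description", as in the report.md preview.
# Assumption: the extension's real output may differ from the slide's preview.
FINDING_RE = re.compile(r"^(?P<category>[A-Za-z]+):\s*(?P<text>.+)$")
# "file.py:123" style locations inside the description, when present.
LOCATION_RE = re.compile(r"([\w./-]+:\d+)")
# Constructed policy: these categories fail the job; anything else is advisory.
BLOCKING_CATEGORIES = {"Security", "Exposure"}

# Constructed sample, copied from the report.md preview on the slide.
SAMPLE_REPORT = """# Code Review Findings
Security: SQL Injection at main.py:146. Critical risk.
Security: SSRF vulnerability in fetch_url endpoint.
Style: Mix of camelCase and snake_case detected. Suggest standardization.
Exposure: Env variables endpoint exposes sensitive info at main.py:423.
"""

def parse_report(text):
    """Turn report text into a list of {category, text, location} dicts,
    skipping the heading and blank lines."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        loc = LOCATION_RE.search(m.group("text"))
        findings.append({
            "category": m.group("category"),
            "text": m.group("text"),
            "location": loc.group(1) if loc else None,
        })
    return findings

def blocking_findings(findings):
    return [f for f in findings if f["category"] in BLOCKING_CATEGORIES]

def gate(text):
    """Return the process exit code for a CI step: 1 if any blocking finding
    exists, else 0. Prints each finding so it lands in the job log."""
    findings = parse_report(text)
    blocking = blocking_findings(findings)
    for f in findings:
        flag = "BLOCK" if f in blocking else "info "
        where = f" [{f['location']}]" if f["location"] else ""
        print(f"{flag} {f['category']}{where}: {f['text']}")
    return 1 if blocking else 0

if __name__ == "__main__":
    # Usage in a pipeline, after the headless review has written the file:
    #   gemini -p "activate the code review skill and review changes in current branch, then write result to report.md"
    #   python gate_report.py report.md
    path = sys.argv[1] if len(sys.argv) > 1 else "report.md"
    with open(path, encoding="utf-8") as fh:
        sys.exit(gate(fh.read()))
```

A non-zero exit from the gate step is what makes the PR check red, so the merge is blocked by the CI system itself rather than by anyone reading the report; Style findings stay visible in the log without failing the job.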
The AI Shift

When you realize Gemini can
Fix & Deploy in 2 seconds


#ModernProblemsRequireModernSolutions

Build the Future with Gemini AI

Deep gratitude to the AI Community Delhi for hosting this session.

Questions?

I'm happy to discuss code reviews, security, or anything AI-related!

Connect & Build

Let's collaborate on the next big AI innovation together.

Access the Presentation

Scan the QR code below to download the slides or view them online.

developeryatin.github.io/gemini-cli