Docs

Configuring LLM Providers

STAR uses Large Language Models (LLMs) to analyze code and generate security fixes. Configure your preferred LLM provider to enable AI-powered security remediation:

GitHub Copilot Integration

STAR connects to GitHub Copilot via OAuth application authentication:

  1. In Bright’s Platform, go to Settings → Integrations
  2. Click Connect GitHub Copilot
  1. You will be redirected to GitHub to authorize the STAR application for Copilot access
  2. Review requested permissions and click Authorize to grant STAR access to GitHub Copilot.
  3. Select which repositories you want to grant Copilot access to for code analysis
  4. Click "Install", and you will be redirected back to Bright's platform

STAR will now use GitHub Copilot to generate security fixes and code suggestions.


OpenAI Integration

STAR connects to OpenAI using an API key:

  1. In OpenAI, go to your API Keys.
  2. Click Create new secret key.
  3. Copy the key.
  4. In Bright's platform, go to Settings → Integrations.
  5. Give your key a descriptive name (e.g., "STAR Integration")
  6. Copy the generated API key (it will only be shown once)
  7. In Bright's UI, navigate to Settings -> Integrations
  8. Click Connect to OpenAI.
  9. Paste your API key and click connect.













💡

Prerequisites

Ensure your OpenAI account has sufficient credits and API access enabled. You can monitor usage in your provider's dashboard.

🚧

Required model support

Make sure your provider gives access to gpt-5.3-codex (for code analysis and fix generation) and text-embedding-3-small (for code embeddings). Without both models enabled on your account, STAR remediation will not work.

Anthropic Integration

STAR connects to Anthropic using an API key:

  1. Generate an API key in the Anthropic Console.
  2. In Bright's platform, go to Settings → Integrations.
  3. Click Connect Anthropic.
  4. Paste your API key and click Connect.
💡

Before you start

Make sure your Anthropic account has sufficient credits. See Anthropic's documentation for details.

🚧

Required model support

Your account must have access to claude-sonnet-4-6. STAR remediation depends on it.

Security Best Practice: Rotate your API keys regularly and never share them publicly.