
Code scanning alerts on the PR’s Conversation tab (GHES) #488

Open
github-product-roadmap opened this issue Apr 13, 2022 · 0 comments
Labels
codeql, ga, github advanced security, security & compliance, server

github-product-roadmap commented Apr 13, 2022

Summary

Code scanning will post security alerts to the PR’s conversation tab in a new way: a PR review composed of annotations. Users will be able to comment on any individual alert (annotation) to discuss it. The functionality will be available on GHES 3.6.

Intended Outcome

Currently, code scanning alerts are posted as PR checks and are sometimes missed by developers. At the same time, alerts can't be discussed in the PR itself. Tight integration in the conversation tab will address both points.

How will it work?

Code scanning uses checks (annotations) to communicate that an analysis is in progress and block the PR when an alert is flagged up. This behavior will remain unchanged.

In addition to these checks, the code scanning annotations will appear on the PR’s conversation tab as a PR review.

github locked and limited conversation to collaborators on Apr 13, 2022
github-product-roadmap added the codeql, ga, github advanced security, security & compliance, and server labels on Apr 13, 2022
Projects
Status: Q3 2022 – Jul-Sep