Code scanning alerts on the PR’s Conversation tab (GHES) #488
Labels: codeql (Feature: GitHub CodeQL); ga (Feature phase: Generally available); github advanced security (Product SKU: GitHub Advanced Security); security & compliance (Feature area: Code security and compliance); server (Available on Server)
Summary
Code scanning will post security alerts to the PR’s conversation tab in a new way: a PR review composed of annotations. Users will be able to comment on any individual alert (annotation) to discuss it. The functionality will be available on GHES 3.6.
Intended Outcome
Currently, code scanning alerts are posted as PR checks and are sometimes missed by developers. At the same time, alerts can't be discussed in the PR itself. Tight integration in the conversation tab will address both points.
How will it work?
Code scanning uses checks (with annotations) to show that an analysis is in progress and, when an alert is found, to fail the check and so block the PR from merging. This behavior will remain unchanged.
In addition to these checks, the same code scanning annotations will appear on the PR's Conversation tab as a PR review, so each alert can be discussed in place.