github-security-alerts

github-security-alerts copied to clipboard

Unlike the [GitHub Pull Requests & Issues extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-pull-request-github), this extensions does not seem to work with GitHub Enterprise Server 

mbaluda

The code scanning page on github.com displays the details of the last analysis run (e.g. time it was run, # of lines scanned, etc.), and it would be valuable to...

lostintangent

Currently, we only show dependabot and secret scanning alerts, and we could choose to also display secret alerts as well. At the moment, secret scanning alerts are only visible to...

lostintangent

Currently, we don't check if the user is an admin on the current repo or not. We simply check to see if they can access alerts via the API, and...

lostintangent

In addition to the tree view, it would be valuable to allow users to view their list of active code scanning alerts, using the SARIF Viewer extension. For example, we...

lostintangent

Currently, the `Security` view displays all active Dependabot alerts. But in order to provide better filters, we should provide a toggle to hide/show alerts that only affect development-time dependencies (as...

lostintangent

Currently, the `Security` view only displays the "most recent" instance of an alert. We should enhance this, and display n-number of instances (file + line/col), as child nodes of the...

lostintangent

I would like to see the dependabot alerts related to upstream, when working on forks. I wanted to suggest if there is possibility add a setting and select the remote.

rwxsb

 Tried to re-install, sign-out and sign-in, revoked vscode Authorized OAuth App - but nothing helped. Any idea how to fix it?

leonk-sportsbet

Would it be possible to have an option to show the vulnerability comment box (or a security icon) next to the line of affected code when in normal editing mode?...

henry-prince-addepar