
Reuse the inline comments from the OSV checker to provide more in-context suggestions in a GitHub Pull Request

Open jhrozek opened this issue 2 years ago • 2 comments

Currently we have the OSV evaluator which is able to provide inline comments for PRs with vulnerabilities. I tried to reuse it for the initial implementation of the Pi integration, but it turned out that some refactoring is needed and the inline comments are currently too coupled to vulnerabilities. We should enable the inline comments code to also comment on policies that use the Pi evaluator.

(Probably) Depends on: #1203

jhrozek, Oct 19 '23 19:10

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot], Nov 19 '23 01:11

We should do this in the following sprint.

evankanderson, Aug 15 '24 16:08

We are changing this up completely and driving this from rule definitions, rather than Go code.

evankanderson, Dec 17 '24 14:12