Make homoglyph, vulnerability and Trusty check actions consistent when reviewing a PR

Open rdimitrov opened this issue 1 year ago • 1 comments

Currently we have a few rule types that act by parsing the contents of a PR - homoglyph, vulnerability and Trusty checks. Each parses the PR content and then comments/reviews or suggests an alternative dependency depending on the rule type.

The issue is that Minder comments on a PR every time there's a change, which eventually gets quite noisy for PRs that address feedback or continue to add changes.

There's already an effort which fixes this partially by simplifying and minimising the number of comments made by Minder, but it's not working for all rule types.

This issue is about fixing the differences and making this consistent across all rule types that act by commenting on a PR.

rdimitrov, Mar 06 '24 21:03

Do we have a list of the rule types (remediation types?) that don't follow our best practice pattern / library?

evankanderson, Jul 16 '24 13:07

We're addressing this as part of this initiative https://docs.google.com/document/d/14oUVA4EC-S1MJwsha1rhl57uVApVRIsL3hBUj42uEWc/edit?tab=t.0#heading=h.t6pmvt8cqg3h and the pull_request_comment alert.

JAORMX, Nov 19 '24 14:11