This repository is used for testing GitHub Fixer at Mobb. The main branch contains the necessary files for testing this feature.
This branch is part of the CLI Integration Tests pipeline in the autofixer repository, specifically the step "Test Mobb GitHub Action". It includes a vulnerability identified by a Snyk SAST report, which is used to create a pull request where the vulnerability is detected. This test runs as part of a PR in the autofixer repository.
Each of the following branches is designed to test different categories of vulnerabilities and their handling by GitHub Fixer:
- vul-pr-fixable: Contains a fixable issue categorized under Fixable.
- vul-pr-fixable-irrelevant-autogenerated-code: Contains a fixable issue in auto-generated code, categorized under Irrelevant.
- vul-pr-fixable-irrelevant-test-code: Contains a fixable issue in test code, categorized under Irrelevant.
- vul-pr-fixable-irrelevant-auxiliary-code: Contains a fixable issue in auxiliary code, categorized under Irrelevant.
- vul-pr-fixable-irrelevant-vendor-code: Contains a fixable issue in vendor code, categorized under Irrelevant.
- vul-pr-not-fixable-irrelevant-false-positive: Contains a non-fixable issue in vendor code, categorized under Irrelevant as a false positive.
- If the issue is fixable, GitHub Fixer will display a comment with a fix suggestion. Users will have the option to:
  - Visit the fix page
  - Apply the fix directly via a button
- If the issue is categorized as Irrelevant but is fixable, an additional message will be displayed, explaining why the issue is considered irrelevant.
- If the issue is both Irrelevant and non-fixable, a comment will explain why the issue cannot be fixed.
This repository helps validate the behavior of GitHub Fixer and ensures proper handling of vulnerabilities across different categories.