New flag request: --canAutoPR #182
Comments
Thanks for raising this request, this repository is currently in maintenance mode where the team is only working on critical bug fixes and accepting open source contributions. One of my colleagues will be making this change and the team will review once ready.
thavelock added a commit to thavelock/jira-tickets-for-new-vulns that referenced this issue Nov 29, 2022
lili2311 pushed a commit that referenced this issue Dec 2, 2022
lili2311 added a commit that referenced this issue Dec 2, 2022
This is to address #182
Co-authored-by: Troy Havelock <troy.havelock@snyk.io>
lili2311 added a commit that referenced this issue Dec 16, 2022
* minor: Adding new flag: canAutoPR (#187)
This is to address #182
Co-authored-by: Troy Havelock <troy.havelock@snyk.io>
* minor: Added DueDate support for creating Jira (#185)
Added the optional flag for the due date built-in flag. Updated README with instructions
Co-authored-by: Alexandre Vallières-Lagacé <alexandre@circleci.com>
Co-authored-by: Troy Havelock <troy.havelock@snyk.io>
Co-authored-by: Alexandre Vallières-Lagacé <alexandre@circleci.com>
lili2311 added a commit that referenced this issue Jun 22, 2023
major: Migrate to REST List Projects API
This is to address #182
Co-authored-by: Troy Havelock <troy.havelock@snyk.io>
* minor: Added DueDate support for creating Jira (#185)
Added the optional flag for the due date built-in flag. Updated README with instructions
Co-authored-by: Alexandre Vallières-Lagacé <alexandre@circleci.com>
* minor: align urls with the recommended domains and paths (#192)
Switch from:
- `snyk.io/api` to `api.snyk.io`
- `api.snyk.io/api` to `api.snyk.io`
- `snyk.io/vuln` to `security.snyk.io/vuln`
- `api.snyk.io/v3` to `api.snyk.io/rest`
* minor: use public utility container for github releasing tool (#194)
* major: Migrate to REST List Projects API (#199)
---------
Co-authored-by: Jeff B <jeff.b@runbox.com>
Co-authored-by: Troy Havelock <troy.havelock@snyk.io>
Co-authored-by: Alexandre Vallières-Lagacé <alexandre@circleci.com>
Co-authored-by: Jérémy Lourenço <jeremy.lourenco@snyk.io>
Co-authored-by: aarlaud <antoine@snyk.io>
Co-authored-by: Jeff B <jeff.b@runbox.com>
When trying to use the `--isUpgradeAvailableOnly` flag to try to only create Jira tickets for fixable problems, I hit the issue of tickets with fixes not being created.

Upon checking the API, I found that the reason was simple: tickets with patches available had `isUpgradable` set to False, but `isFixable` set to true.

Suggestion: To prevent breaking things for customers depending on the current implementation of `--isUpgradeAvailableOnly`, create a second flag (optimally incompatible with each other) called `--canAutoPR` which would pass if any of the fixInfo fields are true - which I believe would cover any issue that can have an automated PR generated by snyk.

As far as I can tell, the code to add to is mostly here - but I don't know golang well enough to produce a PR.
https://github.com/snyk-tech-services/jira-tickets-for-new-vulns/blob/develop/jira.go#L247

Json response from https://app.snyk.io/api/v1/org/$ORG_ID/project/$PROJECT_ID/aggregated-issues:

Reproduction steps:
Create a git repo with a single file, `requirements.txt` that has the following contents:
Scan the repo with snyk, in an org with jira integration enabled
Try to call this script against that project with the `--isUpgradeAvailableOnly` flag set
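
The difference between the two rules described in the issue above, as an added Go example that is not the project's code and not part of the original post. It assumes the aggregated-issues response carries a top-level `issues` array whose entries have `id` and `fixInfo`; the sample response, its ids, and the function names `upgradeOnly`, `canAutoPR` and `selectIDs` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample shaped like an aggregated-issues response (made-up ids).
const sampleResponse = `{"issues": [
  {"id": "EXAMPLE-UPGRADE", "fixInfo": {"isUpgradable": true,  "isFixable": true}},
  {"id": "EXAMPLE-PATCH",   "fixInfo": {"isUpgradable": false, "isFixable": true}},
  {"id": "EXAMPLE-NOFIX",   "fixInfo": {"isUpgradable": false, "isFixable": false, "nearestFixedInVersion": ""}}
]}`

type issue struct {
	ID      string                 `json:"id"`
	FixInfo map[string]interface{} `json:"fixInfo"`
}

// upgradeOnly is the rule the issue reports for --isUpgradeAvailableOnly.
func upgradeOnly(i issue) bool { return i.FixInfo["isUpgradable"] == true }

// canAutoPR is the proposed rule: pass if any boolean fixInfo field is true.
func canAutoPR(i issue) bool {
	for _, raw := range i.FixInfo {
		if v, ok := raw.(bool); ok && v { // non-boolean fields are ignored
			return true
		}
	}
	return false
}

// selectIDs returns the ids of the issues that pass keep, in response order.
func selectIDs(body string, keep func(issue) bool) (ids []string, err error) {
	var resp struct{ Issues []issue `json:"issues"` }
	if err = json.Unmarshal([]byte(body), &resp); err != nil {
		return nil, err
	}
	for _, i := range resp.Issues {
		if keep(i) {
			ids = append(ids, i.ID)
		}
	}
	return ids, nil
}

func main() {
	fmt.Println(selectIDs(sampleResponse, upgradeOnly)) // patch-only issue is dropped
	fmt.Println(selectIDs(sampleResponse, canAutoPR))   // patch-only issue is kept
}
```

The issue that appears only in the second list is the one that would never get a Jira ticket under the upgrade-only rule even though a fix exists.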