Extend the PR vuln check docs with commit status #1409
is to use the `commit-status` action instead of `review` where Minder will set | ||
the commit status to `failure` if the PR introduces a new vulnerability which can | ||
then be used to block the PR. This requires an additional step though, where | ||
the repo needs to require the `minder.stacklok.dev/pr-vulncheck` status to |
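Review bot: The sentence starting "This requires an additional step though" names the `minder.stacklok.dev/pr-vulncheck` status, but the lines shown do not spell out the consequence of skipping that step. Consider saying outright that with `commit-status` alone the `failure` status is only reported, and the PR is not blocked until the repo marks that status as required, so readers do not assume blocking is on by default. Separately, in "which can then be used to block the PR" the "which" reads as referring to the vulnerability; "a status that can then be used to block the PR" would be clearer.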
I totally forgot about this, but since we have the branch protection remediations now, we could add a branch protection rule that ensures that certain commit statuses pass before merging and we could have one with this status, so that users don't have to enable anything manually.
Thoughts?
It would be a nice touch 👍 Let's open an issue so we don't forget 👍
de399f3 to b873ae6
We should also mention this feature since we expect that many users will self-enroll