Creating an issue for multiple code scanning alerts #123668
Unanswered
SanjayVas asked this question in Code Security
Replies: 0 comments
Select Topic Area
Product Feedback
Body
When you select multiple code scanning alerts in the UI, the only action you can take is to dismiss them. The action to create an issue for an alert is on the page for the single alert.
Use case: Container image scanning for many (33 in my repo) images. Each image gets a separate SARIF upload with its own category. For cases where the same vulnerability is detected in many images (for example, the vulnerability exists in the common base image), all of them can be listed when filtering by rule. To create a tracking issue, the current process involves having to manually list every alert in a list. Ideally one could instead select all alerts and then have an action to create an issue based on what is selected.
Example: https://github.com/world-federation-of-advertisers/cross-media-measurement/security/code-scanning?query=rule%3ACVE-2023-25193+ref%3Arefs%2Ftags%2Fv0.5.5+
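A possible workaround for the manual listing step described in the post, as an added example that is not part of the original post and not a GitHub feature: it builds one tracking-issue checklist from alert objects shaped like the response of the REST endpoint `GET /repos/{owner}/{repo}/code-scanning/alerts`. The function name, the sample alerts, their URLs and the category names are constructed for illustration; only the rule id and ref come from the post's example link.

```python
from collections import defaultdict


def _alert(number, rule_id, ref, category, state="open"):
    """Constructed sample alert carrying only the fields this example reads."""
    return {
        "number": number,
        "state": state,
        "html_url": f"https://github.example.invalid/o/r/security/code-scanning/{number}",
        "rule": {"id": rule_id},
        "most_recent_instance": {"ref": ref, "category": category},
    }


# Constructed data: one SARIF category per container image, as in the post.
SAMPLE_ALERTS = [
    _alert(101, "CVE-2023-25193", "refs/tags/v0.5.5", "image-a"),
    _alert(102, "CVE-2023-25193", "refs/tags/v0.5.5", "image-b"),
    _alert(103, "CVE-2023-25193", "refs/tags/v0.5.5", "image-c", state="dismissed"),
    _alert(104, "CVE-0000-00000", "refs/tags/v0.5.5", "image-a"),  # other rule
    _alert(105, "CVE-2023-25193", "refs/heads/main", "image-b"),   # other ref
]


def build_tracking_issue(alerts, rule_id, ref):
    """Return (title, body) for one issue covering every open alert of rule_id on ref."""
    by_category = defaultdict(list)
    for alert in alerts:
        instance = alert.get("most_recent_instance") or {}
        if alert["state"] != "open" or alert["rule"]["id"] != rule_id:
            continue
        if instance.get("ref") != ref:
            continue
        by_category[instance.get("category") or "(no category)"].append(alert)
    if not by_category:
        raise ValueError(f"no open alerts for {rule_id} on {ref}")

    total = sum(len(group) for group in by_category.values())
    lines = [f"Tracking {total} open code scanning alert(s) for `{rule_id}` on `{ref}`.", ""]
    for category in sorted(by_category):
        for alert in sorted(by_category[category], key=lambda a: a["number"]):
            # Task-list items let the issue show progress as alerts are fixed.
            lines.append(f"- [ ] `{category}`: [alert #{alert['number']}]({alert['html_url']})")
    title = f"{rule_id}: {total} open code scanning alerts across {len(by_category)} SARIF categories"
    return title, "\n".join(lines)
```

The returned title and body can be sent as the `title` and `body` fields of `POST /repos/{owner}/{repo}/issues`.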