You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Feedback from initial use of the GitHub/GitLab integrations has shown that the SUCCESS comments that get added to a PR/MR are considered too "noisy," specifically for the case where changes to the lockfile did not introduce any failing dependency checks across the risk domains.
Describe the solution you'd like
This request is not to get rid of the SUCCESS comment. Instead, it is meant to use it more sparingly...only for those situations where there was a non-SUCCESS comment posted first: FAILED, INCOMPLETE, or INCOMPLETE WITH FAILURE.
Describe alternatives you've considered
Eliminate the SUCCESS comment entirely
Re-write a single Phylum comment, in place, each time the PR changes
Additional context
The current integration behavior is to write a SUCCESS comment when the lockfile is analyzed and passes the thresholds. The thinking behind that design choice was to make it more obvious that the PR/MR included changes to the lockfile and that they were analyzed.
The lockfile will be analyzed when it has changed or when the --force-analysis flag is specified. If the lockfile is not analyzed (b/c it didn't change or --force-analysis wasn't provided), then NO PR comment will be written. The status check will show as "green" there, though.
Acceptance criteria
SUCCESS comments are only posted after any non-SUCCESS comment
The first Phylum comment on any MR/PR is only posted when there is something negative to say
Documentation is updated
The text was updated successfully, but these errors were encountered:
The Phylum GitHub App already implements the behavior described in this issue. That might elevate this one so that the Action and App have matching behavior.
Overview
Is your feature request related to a problem? Please describe.
Feedback from initial use of the GitHub/GitLab integrations has shown that the
SUCCESS
comments that get added to a PR/MR are considered too "noisy," specifically for the case where changes to the lockfile did not introduce any failing dependency checks across the risk domains.Describe the solution you'd like
This request is not to get rid of the
SUCCESS
comment. Instead, it is meant to use it more sparingly...only for those situations where there was a non-SUCCESS comment posted first:FAILED
,INCOMPLETE
, orINCOMPLETE WITH FAILURE
.Describe alternatives you've considered
SUCCESS
comment entirelyAdditional context
The current integration behavior is to write a
SUCCESS
comment when the lockfile is analyzed and passes the thresholds. The thinking behind that design choice was to make it more obvious that the PR/MR included changes to the lockfile and that they were analyzed.The lockfile will be analyzed when it has changed or when the
--force-analysis
flag is specified. If the lockfile is not analyzed (b/c it didn't change or--force-analysis
wasn't provided), then NO PR comment will be written. The status check will show as "green" there, though.Acceptance criteria
SUCCESS
comments are only posted after any non-SUCCESS commentThe text was updated successfully, but these errors were encountered: