Using the bug_tracker: GitHubPull option with SAST scanner, this action generates a PR comment with an incorrect number of details.
There is no filtering based on severity or category.
It appears that only the first vulnerability in each file for a given type is shown. For example - only the first CSRF vulnerability in adminlogin.jsp is shown.
Actual behavior
The PR comment shows the following:
Cx-SAST Summary
Cx-SAST Details
How to reproduce
bug_tracker: GitHubPull when triggered by a PR / branch change
Expected behavior
The Cx-SAST Details shows the same number of rows as there are vulnerabilities. 108 rows for High vulnerabilities, 163 rows for Medium, et cetera.
Workaround
No workaround found yet except to fix vulnerabilities.