Enable configuration to fail CI if new alerts are introduced #598
Comments
Hi there, thanks for reporting an issue. You are correct that Code Scanning is not failing because it has nothing to compare the new alerts against. The message:
means that it found some alerts in the PR, but it did not find any alerts in the base branch (see "Reasons for the 'missing analysis' message"). You will need to run code scanning on the
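One way to give pull requests that baseline, shown as an added example workflow that is not from the issue or the codeql-action project: the analysis runs on pushes to the default branch as well as on pull requests, so each PR's alerts have a base-branch analysis to be compared against. The default branch name `main`, the job name and the `javascript` language are assumptions (the language is taken from the thread).

```yaml
# Added example workflow (not from the issue or the codeql-action project).
# Running on push to the default branch (assumed: "main") produces the
# baseline analysis; running on pull_request produces the per-PR analysis
# that Code Scanning diffs against that baseline.
name: "CodeQL"

on:
  push:
    branches: [main]        # baseline analysis of the base branch
  pull_request:
    branches: [main]        # PR analysis, compared against the baseline

jobs:
  analyze:                  # job name is arbitrary
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # required to upload results to Code Scanning
      contents: read
    steps:
      - uses: actions/checkout@v3
      - uses: github/codeql-action/init@v2
        with:
          languages: javascript   # assumed from the thread; add others as needed
      - uses: github/codeql-action/analyze@v2
```

Until the push-triggered run has completed on the base branch at least once, a PR check still reports the "missing analysis" condition described above.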
@aeisenberg Thanks for the quick feedback! Might I suggest a sentence or two be added to the README about this? I think it would help new users onboard faster.
You may also find https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#defining-the-alert-severities-causing-pull-request-check-failure useful to determine the threshold for making the check fail. The default is that
@aeisenberg @adityasharad After migrating to The project is: https://lgtm.com/projects/g/sillsdev/TheCombine/?mode=list We'd like to disable C# but keep Javascript. The problem we're hitting is that the
Certainly. We have disabled C# on that project on LGTM. Please don't hesitate to let us know if we can be of more help as you migrate to code scanning on GitHub.
@adityasharad Just wanted to report everything is working great now. Thank you!
We are currently trying to migrate from LGTM to codeql-action due to limitations in LGTM's infrastructure. With LGTM, we could set it to return a failing check any time new analysis alerts were introduced in a PR. This would allow us to prevent merging a PR if it introduced new alerts.

We set up the default GitHub Actions for codeql-action and it ran and found 6 alerts in our test suite, but the build did not put up a failing check that would have prevented merging. This is our first PR that adds codeql-action, so perhaps this needs to be merged first so that future PRs have something to be compared against? We are hesitant to merge without knowing there is a way to configure the action to fail when new alerts are introduced.