GitHub Community
Can we (or when might we be able to) add dependabot and secret scanning alerts to campaigns. #144578
Replies: 2 comments
-
|
I understand the limitation you're experiencing with adding only code scanning alerts to campaigns.
|
Beta Was this translation helpful? Give feedback.
-
|
@Limzen I appreciate the super fast response, thank you! Unfortunately, I think any kind of workaround diminishes the whole concept and value of a camapaign to improve security, if it's fragmented across systems and not a single unified process, which seems to be the objective of this feature. As an enterprise customer, we're constantly striving for security and efficiency, and it doesn't seem to be a big lift to add different types of alert sources. Really hoping this makes it in to the product. When I first saw it, it felt like a dream come true. Plus we are trying to unify everything around code/code security which was a key reason for adopting Github enterprise. If we have to step back and use other products and services it feels like we're pulling that infamous thread that leads to the arm dropping off the shirt :) |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
We've successfully adopted campaigns, but would like to be able to add any security alert into the campaign.
Currently I can create a custom campaign but only add alerts from code scanning.
Our proposed process involves building campaigns where issues are same criticality, same repo and maximum of 5 alerts per campaign.
This enables us to pass reasonable size blocks of work through the engineering process.
As we can't add alerts of all types, it means the campaigns might not have critical alerts from dependabot for example.
Is broader support for adding all alerts to campaigns on the roadmap?
Does anybody have a suggested workaround for this?
Beta Was this translation helpful? Give feedback.
All reactions