| Question | Answer |
| --- | --- |
| What is a pull request ‘body’? Does this include the code snippet? | The pull request body is the text description part of the pull request. It does not include the code, and our app does not request permissions to access the contents of repositories. |
| How is the information kept secure over the lifecycle of the data? | |
| Do you have a sample of the payload so that we can see exactly what is being sent? | We don't have a sample but you can see some more information in the GitHub documentation here. |
| Is there any way a developer can hide/ignore SCW messages, besides hiding them on every comment? | Unfortunately no, as comments are visible to everyone and there isn't a way to allow selective hiding of comments for certain users. |
| What happens if the same vulnerability is detected more than once within the same PR? | The SCW bot aims to avoid posting duplicate comments on the same topic/vulnerability. |
| What happens if more than one vulnerability is detected within the same PR? | If more than one vulnerability is detected, then the SCW bot will post a comment containing content for each topic/vulnerability identified. If additional vulnerabilities are detected in later comments or review threads, the SCW bot will post additional comments if the topic has not been posted before. |
| Are there plans to make parts of the bot message configurable in the future? | No current plans. |
| In the email, there is an unsubscribe button. Does this unsubscribe you from the Pull Request/issue? | The SCW bot does not generate emails itself, but GitHub will send email updates for comments posted on issues or pull requests if configured. The unsubscribe button would unsubscribe the user from the issue or pull request in line with how GitHub email notifications work generally. |