Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix "no open security advisories" rule #74

Open
teodor-yanev opened this issue Apr 3, 2024 · 1 comment
Open

Fix "no open security advisories" rule #74

teodor-yanev opened this issue Apr 3, 2024 · 1 comment
Labels
P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage

Comments

@teodor-yanev
Copy link
Contributor

teodor-yanev commented Apr 3, 2024

In https://github.com/stacklok/minder-rules-and-profiles/pull/72 the rule was updated to better reflect its functionality and to filter out "draft" GHSAs upon profile creation (this was done to keep it consistent with the GitHub webhooks).

There seems to be another problem with the rule, which is the following:
The profile correctly "fails" when a Triage GHSA is created, but never recovers from it if that exact GHSA is "closed" or accepted into "draft". Just to make it clear, there are 4 states a GHSA can be in: "triage", "draft", "published" and "closed". The ones that send a GitHub webhook event are "triage (reported)" and "published". The other two, do not.
Due to this, we don't bring the profile back to "Success" once a GHSA in "triage" is transferred to "closed" or accepted as a "draft", only when it's "published".

cc: @JAORMX

@evankanderson evankanderson added the P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage label Jul 16, 2024
@mesembria
Copy link
Contributor

Will be solved by reminder work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
P2 Nice to fix: non-critical items that should be evaluated and planned during issue triage
Projects
None yet
Development

No branches or pull requests

3 participants