User Feedback: GitHub PR Reviews

GitHub PR Reviews

GitHub PR reviews create a PR comment with a summary of the violations introduced in a specific PR. Learn more at our blog.

:white_check_mark: REPLY to give FEEDBACK! :white_check_mark:

Good idea, thanks for working on this!
One comment: it appears that it's not possible to set a threat threshold for the comments, which means we get comments on things like Component-Unknown for submodules in Maven multi-module projects. Would it be possible to make this configurable on the policy level, like how one can specify actions and notifications?

Thanks for the suggestion @reftel. We currently hide threat levels 0 and 1 as “informational” from a reporting perspective but non-actionable by developers. Would it make sense for Component-Unknown to be set to a lower threat level? What types of threat levels would you consider as non-applicable to developers?