User Feedback: PR Reviews

PR Reviews

PR reviews create a PR comment with a summary of violations introduced in a specific PR. Learn more at our blog.

:white_check_mark: REPLY to give FEEDBACK! :white_check_mark:

Good idea, thanks for working on this!
One comment: it appears that it's not possible to set a threat threshold for the comments, which means we get comments on things like Component-Unknown for submodules in Maven multi-module projects. Would it be possible to make this configurable on the policy level, like how one can specify actions and notifications?

Thanks for the suggestion @reftel. We currently hide threat levels 0 and 1 as “informational” from a reporting perspective but non-actionable by developers. Would it make sense for Component-Unknown to be set to a lower threat level? What types of threat levels would you consider as non-applicable to developers?

This thread is named “github-pr-reviews” but I came here from a hyperlink inside of a BitBucket PR created by Nexus IQ…
Should that be in a separate thread or here? (I see in general many places in the documentation referring only to GitHub while talking about BitBucket as well).

Hey @rantoniuk,

Good catch; after creating this thread we’ve extended support beyond GitHub. I’ve updated the title and content of the post to reflect this. This is a fairly old thread but if you have feedback feel free to post here. If you have an idea for a feature request, head over to the ideas portal and submit there.

Cheers!

I went ahead and reported a couple of suggestions there, all related to this thread :slight_smile:

IDEAS-I-1427 IDEAS-I-1428 IDEAS-I-1429 IDEAS-I-1430
(cannot comment with more than one link so… no links :wink: )

Was nice to see the PR. The only issue that I had was that we keep the yarn.lock file in GitHub as well, so in addition to the automated package.json update, I had to pull the branch down locally and build with yarn to get the yarn.lock file updated and push a new commit to the branch.