Exposes categories to the main action #718

thypon · 2024-12-06T01:02:54Z

This change allow to decide which finding should be marked to have a needs-security-label or not.
In the future we might expand this capability to have specific labels for findings.

diracdeltas · 2024-12-06T06:17:42Z

assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml

@@ -7,7 +7,8 @@ rules:
        - https://cwe.mitre.org/data/definitions/615
        - https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words
      confidence: LOW
-      source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usages.yaml
+      source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/services/svelte-purifyConfig-usage.yaml


thypon requested review from bridiver, diracdeltas, ShivanKaul and stoletheminerals December 6, 2024 01:02

thypon added 2 commits December 5, 2024 17:05

commentsNumber: expose categories found in comments

259d86a

semgrep_rules/**/*.yaml: add category when missing

302ed5f

thypon force-pushed the features/needs-security-label-only-with-security-category branch from e9ce1a9 to 302ed5f Compare December 6, 2024 03:07

diracdeltas reviewed Dec 6, 2024

View reviewed changes

diracdeltas approved these changes Dec 6, 2024

View reviewed changes

thypon merged commit 5fae5ac into main Dec 6, 2024
7 checks passed

thypon deleted the features/needs-security-label-only-with-security-category branch December 6, 2024 22:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Exposes categories to the main action #718

Exposes categories to the main action #718

thypon commented Dec 6, 2024

diracdeltas Dec 6, 2024

Exposes categories to the main action #718

Exposes categories to the main action #718

Conversation

thypon commented Dec 6, 2024

diracdeltas Dec 6, 2024

Choose a reason for hiding this comment