Add configurations for CI to fail on OSH scan failures and new findings #2515
This is a follow-up on packit/packit#2371 (reply in thread).
We should add two separate configuration options to cause CI to fail on scan failures and on new findings:
- fail_ci_on_scan_failure: should cause CI to become red if the OSH scan fails.
- fail_ci_on_new_findings: should cause CI to become red on new findings.
Both of these options should be kept false by default, because there may be issues with the buildroot that cause a scan to fail, or there may be a large number of false positives for certain projects.
Comments
Thanks @siteshwar for writing this down. As a first thing, we need to resolve the reporting in general: #2516
I would probably prefer
On second thought, the status should not be "fail", it should be "action_required" on new findings. Also, it should be "neutral" if there is a new finding, but the CI is not configured to fail.
This may be more complicated than it looked initially, as we plan to upload SARIF to CodeQL and it has its own checks for severity of the findings that determine the status of the CI.
Can't CodeQL replace the checks? 🤔
It seems configurable, but the default setting hides results from the user. We can only keep the
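As an added illustration, not packit's own code, of how the two proposed options (both defaulting to false) combined with the check-status values suggested in the thread would map a scan outcome to a CI status. The function and class names, the use of "failure" for a red CI, the "neutral" result for an unconfigured scan failure, and evaluating a scan failure before findings are assumptions made here, not decisions recorded in the issue.

```python
from dataclasses import dataclass
from typing import Any, Mapping

# Option names proposed in the issue; both are off by default so that a flaky
# buildroot or a project with many false positives does not turn CI red.
DEFAULTS = {
    "fail_ci_on_scan_failure": False,
    "fail_ci_on_new_findings": False,
}


@dataclass(frozen=True)
class ScanOutcome:
    """Result of one OSH run, as this example models it (assumed shape)."""
    scan_failed: bool       # OSH could not complete, e.g. buildroot problems
    new_findings: int = 0   # findings absent from the baseline scan


def load_options(config: Mapping[str, Any]) -> dict:
    """Merge user configuration over the defaults, rejecting unknown keys and
    non-boolean values so a typo cannot silently leave an option disabled."""
    opts = dict(DEFAULTS)
    for key, value in config.items():
        if key not in DEFAULTS:
            raise ValueError(f"unknown option: {key}")
        if not isinstance(value, bool):
            raise ValueError(f"{key} must be true or false, got {value!r}")
        opts[key] = value
    return opts


def check_status(outcome: ScanOutcome, config: Mapping[str, Any]) -> str:
    """Map a scan outcome to a check status: 'failure', 'action_required',
    'neutral' or 'success' (status names as used in the thread; mapping
    of a red CI to 'failure' is an assumption of this example)."""
    opts = load_options(config)
    # A failed scan yields no findings to compare, so it is decided first
    # (assumed precedence). Without the option set it is only informational.
    if outcome.scan_failed:
        return "failure" if opts["fail_ci_on_scan_failure"] else "neutral"
    # New findings block only when the project opted in; otherwise the
    # check is reported as neutral, as suggested in the comments.
    if outcome.new_findings > 0:
        return "action_required" if opts["fail_ci_on_new_findings"] else "neutral"
    return "success"
```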