Feature/policy driven annotation #6313
Signed-off-by: Meha Bhargava <meha.bhargava2@gmail.com>
✅ Snyk checks have passed. No issues have been found so far.
Up to standards ✅

🟢 Issues

| Metric | Results |
|---|---|
| Complexity | 88 |
| Duplication | 5 |

🟢 Coverage: 70.07% diff coverage · -0.17% coverage variation

| Metric | Results |
|---|---|
| Coverage variation | ✅ -0.17% coverage variation (-1.00%) |
| Diff coverage | ✅ 70.07% diff coverage (70.00%) |

Coverage variation details

| Commit | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor (a7bd2c0) | 42724 | 37066 | 86.76% |
| Head (eb029aa) | 43066 (+342) | 37288 (+222) | 86.58% (-0.17%) |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: `<coverage of head commit> - <coverage of common ancestor commit>`

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#6313) | 441 | 309 | 70.07% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `<covered lines added or modified> / <coverable lines added or modified> * 100%`
Signed-off-by: Meha Bhargava <meha.bhargava2@gmail.com>
| private transient List<VulnerabilityAlias> aliases; | ||
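Review bot: `aliases` is declared `transient` with nothing saying where it gets populated; a transient field is neither serialized nor, by default, persisted, so add a short field comment stating that it is filled in by the query that loads the vulnerability, otherwise a reader of the model may assume the aliases are stored with it.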
| private transient AnalysisInfo analysis; |
Do we need analysis inside vulnerability model? Any analysis should be at project/component level IMO.
Separated this out from the Vulnerability class.
| LEFT JOIN "ANALYSIS" | ||
| ON "V"."ID" = "ANALYSIS"."VULNERABILITY_ID" | ||
| AND "COMPONENT"."PROJECT_ID" = "ANALYSIS"."PROJECT_ID" | ||
| AND "COMPONENT"."ID" = "ANALYSIS"."COMPONENT_ID" |
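Review bot: the predicate `AND "COMPONENT"."ID" = "ANALYSIS"."COMPONENT_ID"` narrows the LEFT JOIN to the analysis row recorded for this exact component, so an analysis stored against a different component of the same project is not joined and the analysis columns come back NULL for this row; since the reply below states that reconciliation stays at project level, add a query test covering a project with two components sharing one vulnerability, only one of which has an analysis row, and make sure the consumer treats the NULL from the LEFT JOIN as "no annotation" rather than as an error.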
This changes the logic of analysis matching. This would result in suppression at each component level instead of current project level.
This change is only for the view of vulnerabilities/suppressions and policy annotations on a per-component basis.
The reconciliation logic continues to be project-level reconciliation, so suppression will continue to happen at project level.
This change will only fetch the project-level suppression/annotation for the specific component where the id match happens.
Signed-off-by: Meha Bhargava <meha.bhargava2@gmail.com>
Signed-off-by: Meha Bhargava <meha.bhargava2@gmail.com> Co-authored-by: Cursor <cursoragent@cursor.com>
1d398ac to eb029aa
Description
Vulnerability policies can attach annotations to matching findings. Multiple policies may match a single finding; their annotations are merged and persisted on ANALYSIS.POLICY_ANNOTATIONS. Triage (state, suppress, ratings, etc.) is owned by the first non-annotation-only policy in bundle order.
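As an added illustration of the merge rule stated above (example code, not code from this PR or from Dependency-Track), the following Java sketch merges the annotations of every matched policy while handing triage to the first policy in bundle order that is not annotation-only. The class and field names (Policy, Triage, Outcome, annotationOnly) and the sample bundle are assumptions; the PR does not say how annotations are merged, so the example treats the merge as an ordered, de-duplicated union.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;

// Hypothetical, simplified policy model for this example only; the names are
// assumptions and are not Dependency-Track's classes.
record Triage(String state, boolean suppress, String justification) {}

record Policy(String name, List<String> annotations, Triage triage) {
    // Assumption: a policy that carries no triage decision only contributes annotations.
    boolean annotationOnly() {
        return triage == null;
    }
}

record Outcome(List<String> annotations, Optional<Triage> triage, Optional<String> triageOwner) {}

final class PolicyMerge {
    private PolicyMerge() {}

    // matched holds the policies that matched one finding, already in bundle order.
    static Outcome merge(List<Policy> matched) {
        // Assumption: annotations are merged as an ordered, de-duplicated union,
        // so a later policy cannot remove an annotation an earlier one added.
        LinkedHashSet<String> merged = new LinkedHashSet<>();
        Policy owner = null;
        for (Policy p : matched) {
            merged.addAll(p.annotations());
            // Triage is owned by the first non-annotation-only policy; later
            // policies still contribute annotations but never override triage.
            if (owner == null && !p.annotationOnly()) {
                owner = p;
            }
        }
        return new Outcome(
            new ArrayList<>(merged),
            Optional.ofNullable(owner).map(Policy::triage),
            Optional.ofNullable(owner).map(Policy::name));
    }

    public static void main(String[] args) {
        // Constructed sample bundle: an annotation-only policy, a suppressing
        // policy, and a later policy whose triage must be ignored because the
        // suppressing policy comes first in bundle order.
        List<Policy> bundle = List.of(
            new Policy("tag-internal", List.of("internal-only"), null),
            new Policy("suppress-test-deps", List.of("test-scope"),
                new Triage("NOT_AFFECTED", true, "CODE_NOT_REACHABLE")),
            new Policy("needs-review", List.of("internal-only", "review-q3"),
                new Triage("IN_TRIAGE", false, null)));

        Outcome out = merge(bundle);
        System.out.println("annotations: " + out.annotations());
        System.out.println("triage owner: " + out.triageOwner().orElse("none"));
        System.out.println("triage state: " + out.triage().map(Triage::state).orElse("none"));

        // Edge case: when every matched policy is annotation-only there is no
        // triage owner, and the finding keeps whatever triage it already had.
        Outcome annotationsOnly = merge(List.of(bundle.get(0)));
        System.out.println("owner with annotation-only bundle: "
            + annotationsOnly.triageOwner().orElse("none"));
    }
}
```

Running `main` shows the merged list keeping the first occurrence of the duplicated `internal-only` annotation and the triage owner being the suppressing policy rather than the later `needs-review` policy; the last call shows the no-owner case that a consumer of ANALYSIS.POLICY_ANNOTATIONS has to tolerate.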
Addressed Issue
#6205
Additional Details
Checklist
docs/adr/