Add trusty scores #771
Conversation
Signed-off-by: nigel brown <nigel@stacklok.com>
Hi @lukehinds and @therealnb ! Some initial comments and observations:
I'll make some other suggestions and feedback inline in the PR.
Some initial feedback; not a tech review
Co-authored-by: Jon Janego <jonjanego@github.com>
@jonjanego thanks for the feedback. +/- is whether the file was added or removed. The next symbol is whether this is a good idea or not. Basically, removing any file is safe (green tick). Adding one with a score lower than the configured levels might get a warning or a cross. I did consider only showing files that were added, but it might be useful context to show the ones that are removed too (i.e. removing a high-scoring one and replacing it with a low-scoring one). I am open to suggestions here. I'll work on your other comments. Cheers
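One way the symbols described in the comment above could be computed, written here as an added example in TypeScript (the language the dependency review action is written in). This is not code from the PR, from the action, or from Trusty: the `Change` shape, the `failBelow`/`warnBelow` config names, the 0-10 score scale and the extra `unknown` verdict for a package whose score lookup returned nothing are all assumptions made for illustration. The rendered table puts the +/- direction and the verdict in separate columns.

```typescript
// Added example: models the "+/-" and tick/warning/cross decision described in
// the PR discussion. This is NOT code from dependency-review-action or Trusty;
// the Change shape, the TrustyConfig field names, the 0-10 score scale and the
// 'unknown' verdict are assumptions made for illustration.

type ChangeType = 'added' | 'removed'

interface Change {
  name: string
  version: string
  changeType: ChangeType
  // Trusty score for this package; undefined when no score came back
  // (for example when the lookup returned nothing for the package).
  trustyScore?: number
}

interface TrustyConfig {
  failBelow: number // scores strictly below this get a cross
  warnBelow: number // scores strictly below this (but >= failBelow) get a warning
}

type Verdict = 'ok' | 'warn' | 'fail' | 'unknown'

// Reject configs where the warning threshold sits below the failure threshold,
// which would make the 'warn' band unreachable.
function validateConfig(cfg: TrustyConfig): void {
  if (cfg.failBelow > cfg.warnBelow) {
    throw new Error(`failBelow (${cfg.failBelow}) must not exceed warnBelow (${cfg.warnBelow})`)
  }
}

function assess(change: Change, cfg: TrustyConfig): Verdict {
  // Removing a dependency cannot introduce a low-scoring package: always a tick.
  if (change.changeType === 'removed') return 'ok'
  // An added package with no score is surfaced as unknown rather than
  // silently passed as ok (assumption: the action would want this visible).
  if (change.trustyScore === undefined) return 'unknown'
  if (change.trustyScore < cfg.failBelow) return 'fail'
  if (change.trustyScore < cfg.warnBelow) return 'warn'
  return 'ok'
}

const DIRECTION: Record<ChangeType, string> = {added: '+', removed: '-'}
const ICON: Record<Verdict, string> = {
  ok: ':white_check_mark:',
  warn: ':warning:',
  fail: ':x:',
  unknown: ':grey_question:',
}

// Renders the summary with direction and verdict in two separate columns.
function renderTable(changes: Change[], cfg: TrustyConfig): string {
  validateConfig(cfg)
  const header = ['| +/- | Trusty | Package | Version | Score |', '|---|---|---|---|---|']
  const rows = changes.map(
    c => `| ${DIRECTION[c.changeType]} | ${ICON[assess(c, cfg)]} | ${c.name} | ${c.version} | ${c.trustyScore ?? 'n/a'} |`
  )
  return [...header, ...rows].join('\n')
}

// The check should fail only when an added package scored below failBelow.
function shouldFail(changes: Change[], cfg: TrustyConfig): boolean {
  validateConfig(cfg)
  return changes.some(c => assess(c, cfg) === 'fail')
}

// Constructed sample input: fictional package names and scores, not real Trusty data.
const SAMPLE_CONFIG: TrustyConfig = {failBelow: 3, warnBelow: 6}
const SAMPLE_CHANGES: Change[] = [
  {name: 'example-old-dep', version: '1.0.0', changeType: 'removed', trustyScore: 1.5},
  {name: 'example-good-dep', version: '2.3.1', changeType: 'added', trustyScore: 8.2},
  {name: 'example-meh-dep', version: '0.9.0', changeType: 'added', trustyScore: 4.4},
  {name: 'example-bad-dep', version: '0.0.1', changeType: 'added', trustyScore: 2.0},
  {name: 'example-unscored-dep', version: '3.0.0', changeType: 'added'},
]

console.log(renderTable(SAMPLE_CHANGES, SAMPLE_CONFIG))
console.log(`fail check: ${shouldFail(SAMPLE_CHANGES, SAMPLE_CONFIG)}`)
```

The thresholds are deliberately half-open (strictly below `failBelow` fails, strictly below `warnBelow` warns) so that a score exactly at a boundary is treated as meeting it; whichever convention the real action settles on, the point is that the comparison direction is fixed in one place rather than repeated per call site.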
Thanks for the clarification. I think it's fine to include that, but a bit of UX feedback would be to split that information into two separate columns. It's a cleaner view that way.
(I hope) Signed-off-by: nigel brown <nigel@stacklok.com>
I just saw your comment after I committed this code. See https://github.com/StacklokLabs/DepRevTest/actions/runs/9131982560?pr=5 for an example. If you want I can revert and we can have two columns. Let me know.
For information, these ones are a bug I found in our ingestion. There is a fix for those that should be deployed next week.
and add bearer token Signed-off-by: nigel brown <nigel@stacklok.com>
This is some work to include trusty scores in the dependency review action.
There are some more unit tests and this has been manually tested with https://github.com/StacklokLabs/DepRevTest/actions.
Many thanks.
CC @lukehinds