Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lack of notifications #16593

Open
mcandre opened this issue May 26, 2024 · 1 comment
Open

Lack of notifications #16593

mcandre opened this issue May 26, 2024 · 1 comment
Labels
question Further information is requested

Comments

@mcandre
Copy link

mcandre commented May 26, 2024

Unlike Dependabot, I don't appear to receive any email notifications for CodeQL.

CodeQL shows various warnings and security findings on individual repo pages. But neither of these results trigger followup emails.

This reduces the visibility of security alerts.
@mcandre mcandre added the question Further information is requested label May 26, 2024
@aibaars
Copy link
Contributor

aibaars commented May 27, 2024

CodeQL and other static analysis tools tend to produce a higher volume of alerts than Dependabot, and sending out email notifications for all of them is probably not a good idea. However, it would make sense to allow a user to configure notifications for example for critical security alerts. I don't think that is currently possible, I'll let the product team know so they can consider this idea.

Thanks a lot for your feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mcandre @aibaars