Re-Opening Security Alerts with Comments #127732
Unanswered
hiEntropy asked this question in Code Security
I would take this a step further. The ability to reopen with a comment is more of a temporary fix. Ideally, the alert page should include a comment form, similar to a PR, to allow discussion of details directly on the alert page.
Select Topic Area
Product Feedback
Body
GHAS has been a great addition to our organization. Currently our efforts are focussed on automating vulnerability management tasks using GitHub webhooks.
Sometimes developers close alerts in ways that are not compliant with our vulnerability management process. To address this issue, we would like to re-open security alerts with a comment telling the developer why the ticket was re-opened and how to fix it. Currently, the API and UI do not support reopening a security alert with a comment. At the present time, the only way to achieve this is to:
This is not very straightforward and is confusing to the intended audience.
Another avenue would be to create an issue in the repository. Unfortunately our developers do not utilize issues as a means of recording, prioritizing or executing work. Our security alerts would be the only issues in GitHub issues and would likely not get the attention they need.
A third option was to create a Jira ticket, which is where our developers prioritize work, but this is an out-of-band communication. In the past we have not had success with this method. GHAS being in the developer workflow has proved far superior to this solution.
I am requesting that support be added for re-opening security alerts via the API and web UI with a comment. This would make automating vulnerability management with GitHub much easier and more effective.