💡 Automatically create an issue for each tool with errors #3090
Comments
@RolfMoleman do you mean that if 5 tools find errors on a PR, you want to create one GitHub issue per tool? I'm afraid that if we do that, it will generate dozens of issues that nobody will look at :/ In which context do you use MegaLinter?
Hi @nvuillam, I can see how it could be too noisy for some teams, yes, but that's why I think an option would be helpful. We use MegaLinter in both Azure DevOps pipelines and GitHub workflows. There are some errors/warnings that, whilst they should ideally be resolved, are less crucial, such as some formatting/linting ones. However, for security-based errors such as those from the likes of KICS, Trufflehog, Checkov etc., it would be nice to have the option to have a separate issue created to resolve specific issues. Perhaps an issue reporter flag in the config file where we can include the options for all (for an issue per tool/linter with errors), Megalinter (for one issue that displays the Megalinter table, or perhaps something a bit like the renovate dependency dashboard) and the ability to list linters/tools for an issue to be created for each, similar to the enable_linters option. I guess to reduce noise there could be an issue_level option which would refer to the serilog log_level, so that if set as error it would only create an issue for errors, if set to warning it would create issues for warnings and above, etc. I hope that makes sense.
This issue has been automatically marked as stale because it has not had recent activity. If you think this issue should stay open, please remove the
@RolfMoleman I see what you mean.. and I still think it would be too "chatty", but why not, especially when MegaLinter is not run as a PR validation job but as a "standalone" or scheduled job. What if MegaLinter would post a single issue with the content of the MegaLinter results (like the table we post in a comment of the related PR)?
That sounds like a more than reasonable compromise
This issue has been automatically marked as stale because it has not had recent activity. If you think this issue should stay open, please remove the
@RolfMoleman could we update the MegaLinter action to add steps to look in

```bash
# grab just the summary
sed -Ene '/^\+-{3,}SUMMARY-{3,}/,$p' megalinter-reports/megalinter.log
```

..and use it with actions/create-an-issue action, possibly with
https://github.com/sett-and-hive/sarif-to-issue-action use the SARIF reporter with this ^ action
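The per-tool idea from this thread, as an added example (not MegaLinter's or sarif-to-issue-action's code): it groups the results of a SARIF 2.1.0 report by tool and keeps only findings at or above a chosen level, mirroring the `issue_level` option proposed above. The function name, the title format and the sample report are assumptions; creating the issues themselves is left to whichever action or API client is in use.

```python
# SARIF 2.1.0 result levels, lowest to highest.
LEVELS = ["none", "note", "warning", "error"]

def issues_per_tool(sarif, min_level="error"):
    """Return {tool_name: (title, body)} for tools with findings >= min_level."""
    threshold = LEVELS.index(min_level)
    findings = {}
    for run in sarif.get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown-tool")
        for res in run.get("results", []):
            # Simplification (assumption): a missing level is treated as "warning".
            level = res.get("level", "warning")
            if level not in LEVELS or LEVELS.index(level) < threshold:
                continue
            # Use the first reported location only; "?" when none is given.
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "?")
            line = loc.get("region", {}).get("startLine", "?")
            text = res.get("message", {}).get("text", "").splitlines()
            findings.setdefault(tool, []).append(
                f"- [{level}] {res.get('ruleId', 'no-rule-id')} "
                f"{uri}:{line} {text[0] if text else ''}".rstrip())
    issues = {}
    for tool, lines in sorted(findings.items()):
        # Hypothetical title format; one issue per tool that has findings.
        title = f"[MegaLinter] {tool}: {len(lines)} finding(s) at {min_level} or above"
        issues[tool] = (title, "\n".join(lines))
    return issues

# Constructed sample report (not real scanner output; rule ids are placeholders).
SAMPLE_SARIF = {"version": "2.1.0", "runs": [
    {"tool": {"driver": {"name": "checkov"}}, "results": [
        {"ruleId": "EXAMPLE_TF_1", "level": "error",
         "message": {"text": "Constructed finding: bucket is public"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "infra/main.tf"},
             "region": {"startLine": 12}}}]},
        {"ruleId": "EXAMPLE_TF_2", "level": "warning",
         "message": {"text": "Constructed finding: missing tags"}}]},
    {"tool": {"driver": {"name": "trufflehog"}}, "results": [
        {"ruleId": "EXAMPLE_SECRET", "level": "error",
         "message": {"text": "Constructed finding: token in file"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": "config/app.env"},
             "region": {"startLine": 3}}}]}]},
    {"tool": {"driver": {"name": "prettier"}}, "results": [
        {"ruleId": "EXAMPLE_FMT", "level": "note",
         "message": {"text": "Constructed finding: formatting"}}]},
]}

if __name__ == "__main__":
    for title, body in issues_per_tool(SAMPLE_SARIF).values():
        print(title, body, sep="\n", end="\n\n")
```

On a public repository the issue body is world-readable, so check what a secret scanner puts in its message text before copying it into an issue.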
Problem
We use megalinter in incremental non-blocking form (modified exit code, validate_codebase set to false) in pull requests and in full blocking form on a nightly schedule. I’d expect to see an option to have issues created for failures of individual tools.
Suggested Solution
If not inside megalinter itself, some advice on how I could automatically raise issues if, for example, Checkov finds issues with the terraform.
Alternative Solutions
I could leave the megalinter exit code alone and have an issue created when it fails, but then megalinter becomes a blocker which our org isn't yet ready for. Also this would imply the issue is with megalinter rather than a specific tool inside it finding problems.
Additional Context
I'd like to see vulnerabilities have an issue created for teams to track progress to a resolution.