
Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments

Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing speed.

Developers need to know if code they commit introduces risks and why. The sooner they find potential policy violations or security vulnerabilities, the faster they can resolve issues, reducing time to remediation and minimizing manual re-work. This enables organizations to develop and innovate quickly with complete peace of mind.

Earlier we introduced GitHub PR commenting, notifying developers when a specific PR introduces policy violations. We’ve expanded on this feature with PR line commenting for even more granularity, highlighting the exact line(s) of code that introduced the vulnerabilities or violations, and if available, an easy way to fix them.

Once you’re ready to merge a pull request, simply run a policy evaluation on the branch you are working on. We’ll automatically leave comments on the PR for new vulnerabilities that were introduced and show you the line(s) of code that brought them in. We’ll include an upgrade path or available remediation to resolve these issues and save you the hassle of additional research. How easy is that?

We’ve also added a summary comment that gives a consolidated view of all policy violations for a specific pull request. You can see all of the potential threats at a glance and quickly take action to fix vulnerabilities or violations. You can also find out whether any pre-existing violations were resolved as a result of your changes.

Want to take a deeper dive? Here is a quick video outlining our new PR line commenting in GitHub. See below for more details on both line and summary comments.

PR Line Comments

PR line comments contain the:

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Kevin Miller. Read the original post at: https://blog.sonatype.com/find-fix-vulnerabilities-in-seconds-with-github-pr-reviews-with-line-comments