SAST: no longer skip "neutral" checks (#1237)
Some SASTs like LGTM don't analyze PRs where code hasn't been changed,
which leads to their status being "neutral" there.

It's a follow-up to #1232 (comment)

I'm not sure what to do about one-offs like the one
mentioned in #1232 (comment)
that shouldn't affect the aggregate score but it can probably
be fixed later.
evverx authored Nov 10, 2021
1 parent 6a2fb2e commit 5524c97
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion checks/sast.go
Expand Up @@ -27,6 +27,8 @@ const CheckSAST = "SAST"

var sastTools = map[string]bool{"github-code-scanning": true, "lgtm-com": true, "sonarcloud": true}

var allowedConclusions = map[string]bool{"success": true, "neutral": true}

//nolint:gochecknoinits
func init() {
registerCheck(CheckSAST, SAST)
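
Review bot: `allowedConclusions` is declared without a comment, and as a package-level map it applies to every entry in `sastTools`, while the commit message only motivates "neutral" for tools like LGTM that don't analyze PRs where code hasn't changed. Add a comment stating why "neutral" is accepted, and consider whether it should hold for `github-code-scanning` and `sonarcloud` too or be keyed per tool slug.
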
Expand Down Expand Up @@ -132,7 +134,7 @@ func sastToolInCheckRuns(c *checker.CheckRequest) (int, error) {
if cr.Status != "completed" {
continue
}
if cr.Conclusion != "success" {
if !allowedConclusions[cr.Conclusion] {
continue
}
if sastTools[cr.App.Slug] {
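
Review bot: at `if !allowedConclusions[cr.Conclusion]`, a completed check run with conclusion "neutral" now passes the filter exactly like a "success" run, so a run in which the tool analyzed nothing is indistinguishable from a clean scan once it reaches the `sastTools[cr.App.Slug]` branch. The commit changes only checks/sast.go, so a test case with a completed, neutral check run from one of the `sastTools` slugs would pin the new behaviour down, and a short comment at this line would record that the filter now means "the tool reported and did not fail" rather than "the tool passed".
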