Update PR comments after alert has been triaged #43
Draft
Fetch triage entries from Socket API after scan submission, remove alerts with ignore/monitor state from results, regenerate connector notifications with filtered components, and inject a triage count summary into GitHub PR comments. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Log an info-level message instead of an error traceback when the Socket API token lacks triage permissions, and skip filtering so the scan completes normally with all findings intact. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Always replace results['notifications'] after triage filtering so pre-filter content is never forwarded to notifiers. Skip PR comment API calls when content is unchanged. Add info-level logging for triaged/remaining finding counts and connector regeneration details. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The triage API returns opaque alert_key hashes, not human-readable identifiers. This rewrites the matching logic to stream the full scan via sdk.fullscans.stream(), cross-reference Socket alert keys against triage entries, and map back to local components by artifact ID. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
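The matching and filtering described in the commit messages above, as an added example that is not socket-basics' own code: it takes the artifacts already iterated from the full-scan stream (so it does not call `sdk.fullscans.stream()` itself), maps opaque triage `alert_key` hashes back to local components by artifact ID, drops alerts in ignore/monitor state, and builds the count summary for the PR comment. The dict shapes of triage entries, streamed artifacts and local components are assumptions, not the real SDK types.

```python
from collections import Counter

# Triage states whose alerts are dropped from results and PR comments.
SUPPRESSED_STATES = {"ignore", "monitor"}

def index_scan_alerts(artifacts):
    """alert_key -> (artifact id, alert type), from the streamed full scan (shape assumed)."""
    return {a["key"]: (art["id"], a["type"]) for art in artifacts for a in art.get("alerts", [])}

def filter_triaged(components, artifacts, triage_entries):
    """Return (local components minus ignore/monitor alerts, Counter of removed states)."""
    index = index_scan_alerts(artifacts)
    suppressed = {}  # (artifact id, alert type) -> triage state
    for entry in triage_entries:
        key, state = entry.get("alert_key"), entry.get("state")
        if key in index and state in SUPPRESSED_STATES:  # unknown keys and open alerts are skipped
            suppressed[index[key]] = state
    filtered, counts = {}, Counter()
    for artifact_id, alerts in components.items():
        keep = []
        for alert in alerts:
            state = suppressed.get((artifact_id, alert["type"]))
            if state:
                counts[state] += 1
            else:
                keep.append(alert)
        if keep:  # a component with nothing left to report is dropped entirely
            filtered[artifact_id] = keep
    return filtered, counts

def triage_summary(counts):
    """One-line count summary to inject into the PR comment."""
    total = sum(counts.values())
    if not total:
        return "No alerts have been triaged."
    parts = ", ".join(f"{n} {state}" for state, n in sorted(counts.items()))
    return f"{total} alert{'' if total == 1 else 's'} triaged ({parts})"

# Constructed sample data (not real Socket output): one ignored, one monitored,
# one still open, and one triage entry whose key belongs to a different scan.
SCAN_ARTIFACTS = [
    {"id": "art-1", "alerts": [{"key": "k1", "type": "malware"}, {"key": "k2", "type": "installScripts"}]},
    {"id": "art-2", "alerts": [{"key": "k3", "type": "networkAccess"}]},
]
LOCAL_COMPONENTS = {"art-1": [{"type": "malware"}, {"type": "installScripts"}],
                    "art-2": [{"type": "networkAccess"}]}
TRIAGE_ENTRIES = [{"alert_key": "k2", "state": "ignore"}, {"alert_key": "k3", "state": "monitor"},
                  {"alert_key": "k1", "state": "open"}, {"alert_key": "zzz", "state": "ignore"}]
```

Because the filtered dict is what gets handed to the notifiers, the pre-filter components never reach a PR comment, which is the invariant the third commit message is about.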
…/github.com/SocketDev/socket-basics into carl/update-pr-comments-with-triaged-alerts
The CreateFullScanREsponse object is used here, and `id` and `html_url` are actually nested in the `data` field, not on the root of the object. `html_url` should also be `html_report_url`.
Summary
This PR adds the ability for Socket Basics to update an existing Socket Basics PR comment after alerts have been triaged in the Socket dashboard.
The problem
When a user triages any Socket Basics alert in the Socket Dashboard, the PR(s) that include a Socket Basics comment including the alerts are not updated (even when the Socket Basics workflow is re-run).
This means that, as a developer working in a repository where Socket is adding comments, I will not be updated if the discovered issue has been triaged to ignore.
Fixes CE-81