Need the policy for critical only issyes #41

karthikboncheruuvu · 2023-07-24T16:26:42Z

karthikboncheruuvu
Jul 24, 2023

Hi ..Hope you are doing well.

i need ur suggestion on what to be used for codeql and dependabot policies to identify or break the loop for only critical issues.

we were using it as error, but it shows both critical and high..
i need only critical issues to break the loop

kindly suggest at the earliest..

Answered by Pradoxzon

Jul 24, 2023

The 'error' level will include all 'error', 'high', and 'critical' severity alerts by design. Could you just specify 'critical' instead of 'error' in your policy? That would limit it to only 'critical' alerts.

View full answer

Pradoxzon · 2023-07-24T20:45:38Z

Pradoxzon
Jul 24, 2023

The 'error' level will include all 'error', 'high', and 'critical' severity alerts by design. Could you just specify 'critical' instead of 'error' in your policy? That would limit it to only 'critical' alerts.

2 replies

GeekMasher Jul 26, 2023
Maintainer

@Pradoxzon is correct, you can set codescanning and dependabot severity levels to critical and it will only break on critical alerts. The default policy is the following.

The order is here.

karthikboncheruuvu Jul 28, 2023
Author

it works

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Need the policy for critical only issyes #41

{{title}}

Replies: 1 comment 2 replies

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

Need the policy for critical only issyes #41

karthikboncheruuvu Jul 24, 2023

Replies: 1 comment · 2 replies

Pradoxzon Jul 24, 2023

GeekMasher Jul 26, 2023 Maintainer

karthikboncheruuvu Jul 28, 2023 Author

karthikboncheruuvu
Jul 24, 2023

Replies: 1 comment 2 replies

Pradoxzon
Jul 24, 2023

GeekMasher Jul 26, 2023
Maintainer

karthikboncheruuvu Jul 28, 2023
Author