docs/semgrep-code/triage-remediation.md
32 additions & 25 deletions
@@ -16,6 +16,7 @@ import TabItem from '@theme/TabItem';
16
16
# Triage and remediate findings
17
17
18
18
import TriageStatuses from "/src/components/reference/_triage-states.mdx"
19
+
import TriageReason from "/src/components/reference/_triage-reason.mdx"
19
20
import RemoveRuleset from "/src/components/procedure/_remove-ruleset.mdx"
20
21
import IgnoreIndividualFindingNoGrouping from "/src/components/procedure/_ignore-individual-finding-no-grouping.mdx"
21
22
@@ -143,6 +144,7 @@ Triage your Semgrep AppSec Platform findings displayed as comments in GitHub PRs
143
144
<Tabs
144
145
defaultValue="gh"
145
146
values={[
147
+
{label: 'Azure DevOps', value: 'ado'},
146
148
{label: 'GitHub', value: 'gh'},
147
149
{label: 'GitLab', value: 'gl'}
148
150
]}
@@ -173,6 +175,29 @@ You can also reopen a finding that was previously ignored. To do so, in step 2.
173
175
174
176
</TabItem> -->
175
177
178
+
<TabItemvalue='ado'>
179
+
180
+
### Prerequisites
181
+
182
+
- You have one or more repositories hosted by Azure DevOps Cloud.
183
+
- You have completed a [Semgrep core deployment](/deployment/core-deployment).
184
+
185
+
### Enable triage through Azure DevOps PR comments
186
+
187
+
1. Sign in to Semgrep, and go to your organization's [Settings](https://semgrep.dev/orgs/-/settings) page.
188
+
2. Under **Code (SAST)**, click the **Triage via code review comments** <iclass="fa-solid fa-toggle-large-on"></i> toggle to turn on this feature.
189
+
190
+
### Triage a finding
191
+
192
+
1. Find an open comment created by Semgrep in your pull request:
193
+

194
+
2. In a subsequent comment, reply with the action you want to take. You must provide a reason to help the reader understand why the finding has been triaged as ignored:
195
+
<TriageReason />
196
+
197
+
Triaging a finding as **Ignored** through a comment in Azure DevOps changes the status of the finding to **Ignored** in Semgrep AppSec Platform. However, the Azure DevOps conversation itself is **not** automatically resolved by this process.
198
+
199
+
</TabItem>
200
+
176
201
<TabItemvalue='gh'>
177
202
178
203
### Prerequisites
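Review bot: Step 1 under the new Azure DevOps "Triage a finding" heading says "an open comment created by Semgrep", while the matching step in the GitHub and GitLab tabs reads "created by Semgrep AppSec Platform"; use the same product name in all three tabs. Step 2 has the same drift: this tab states "You must provide a reason", whereas the GitLab step 2 tells the reader to substitute the `<REASON>` placeholder "if necessary" and the `/open` row of the shared table says the comment is optional, so the tabs currently disagree on whether a reason is mandatory. Also consider saying in the prerequisites whether Azure DevOps Server is supported, since only "Azure DevOps Cloud" is listed.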
@@ -181,30 +206,21 @@ You can also reopen a finding that was previously ignored. To do so, in step 2.
181
206
182
207
### Enable triage through GitHub PR comments:
183
208
184
-
To enable triage through comments:
185
-
186
209
1. In Semgrep AppSec Platform, go to your organization's [Settings](https://semgrep.dev/orgs/-/settings) page.
187
210
2. Under **Code (SAST)**, click the **Triage via code review comments** <iclass="fa-solid fa-toggle-large-on"></i> toggle to turn on this feature.
188
211
189
-
To triage a finding:
212
+
### Triage a finding
190
213
191
214
1. Find an open comment created by Semgrep AppSec Platform in your pull request or merge request:
192
215

193
216
2. In a subsequent comment, reply with the action you want to take. You must provide a **reason** to help the reader understand why the finding has been triaged as **ignored**:
194
-
195
-
| Comment | Description |
196
-
| - | - |
197
-
| <code>/fp <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **false positive**. |
198
-
| <code>/ar <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **acceptable risk**. |
199
-
| <code>/other <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** without specifying the reason; the triage reason value is set to **No triage reason**. |
200
-
| <code>/open <spanclassName="placeholder"><REASON></span></code> | Reopen a finding that has been triaged as **Ignored**. The comment is optional. |
Semgrep supports older versions of this functionality that used the following commands:
204
220
- <code>/semgrep ignore <spanclassName="placeholder"><REASON></span></code> - triage a finding as **Ignored**.
205
221
- <code>/semgrep open <spanclassName="placeholder"><REASON></span></code> - reopen a finding that has been triaged as **Ignored**.
206
222
207
-
Triaging a finding as **Ignored** through a comment in GitHub changes the status of the finding to **Ignored** in the Semgrep AppSec Platform. However, the GitHub conversation itself is not automatically resolved by this process.
223
+
Triaging a finding as **Ignored** through a comment in GitHub changes the status of the finding to **Ignored** in Semgrep AppSec Platform. However, the GitHub conversation itself is **not** automatically resolved by this process.
208
224
209
225
</TabItem>
210
226
<TabItemvalue='gl'>
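Review bot: The GitHub tab loses its command reference: the table rows for `/fp`, `/ar`, `/other` and `/open` are removed after step 2 of "Triage a finding", but unlike the Azure DevOps and GitLab tabs no `<TriageReason />` line is added in their place, so the only commands a GitHub reader still sees are the legacy `/semgrep ignore` and `/semgrep open` ones. Add `<TriageReason />` after the step 2 sentence, as the other two tabs do. Separately, the newly added `### Triage a finding` heading has no trailing colon while the unchanged `### Enable triage through GitHub PR comments:` keeps one; drop that colon here too, as this change already does for the GitLab heading.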
@@ -213,29 +229,20 @@ Triaging a finding as **Ignored** through a comment in GitHub changes the status
213
229
- A repository hosted by GitLab. Semgrep supports the use of both GitLab.com and GitLab self-managed plans.
214
230
- You have completed a [Semgrep core deployment](/deployment/core-deployment).
215
231
216
-
### Enable triage through GitLab MR comments:
217
-
218
-
To enable triage through comments:
232
+
### Enable triage through GitLab MR comments
219
233
220
234
1. In Semgrep AppSec Platform, go to your organization's [Settings](https://semgrep.dev/orgs/-/settings) page.
221
235
2. Under **Code (SAST)**, click the **Triage via code review comments** <iclass="fa-solid fa-toggle-large-on"></i> toggle to turn on this feature.
222
236
223
-
To triage a finding:
237
+
### Triage a finding
224
238
225
239
1. Find an open comment created by Semgrep AppSec Platform in your pull request or merge request:
226
240

227
241
228
242
2. In a subsequent comment, reply with the corresponds with the action you want to take. If necessary, ensure that you substitute the colored placeholder `<REASON>` with text to help the reader understand why the finding has been triaged as **ignored**:
243
+
<TriageReason />
229
244
230
-
| Comment | Description |
231
-
| - | - |
232
-
| <code>/fp <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **false positive**. |
233
-
| <code>/ar <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **acceptable risk**. |
234
-
| <code>/other <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** without specifying the reason; the triage reason value is set to **No triage reason**. |
235
-
| <code>/open <spanclassName="placeholder"><REASON></span></code> | Reopen a finding that has been triaged as **Ignored**. The comment is optional. |
Triaging a finding as **Ignored** through a comment in GitLab changes the status of the finding to **Ignored** in the Semgrep AppSec Platform. However, the GitLab conversation itself is not automatically resolved by this process.
245
+
Triaging a finding as **Ignored** through a comment in GitLab changes the status of the finding to **Ignored** in Semgrep AppSec Platform. However, the GitLab conversation itself is **not** automatically resolved by this process.
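Review bot: The step 2 sentence directly above the inserted `<TriageReason />` still reads "reply with the corresponds with the action you want to take", which is ungrammatical; since this step is being edited anyway, reword it to match the Azure DevOps and GitHub tabs ("reply with the action you want to take") and drop the mention of the "colored placeholder", which now lives in the shared table rather than inline. The rest of the hunk is consistent with the other tabs.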
| <code>/fp <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **false positive**. |
4
+
| <code>/ar <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** with the triage reason **acceptable risk**. |
5
+
| <code>/other <spanclassName="placeholder"><REASON></span></code> | Triage a finding as **Ignored** without specifying the reason; the triage reason value is set to **No triage reason**. |
6
+
| <code>/open <spanclassName="placeholder"><REASON></span></code> | Reopen a finding that has been triaged as **Ignored**. The comment is optional. |
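Review bot: Two rows of the shared command table are ambiguous. The `/other` row says the finding is ignored "without specifying the reason", yet its command syntax still shows the `<REASON>` placeholder; either state that the free-text reason is still expected and only the triage-reason category is left as **No triage reason**, or drop the placeholder from that row. The `/open` row's "The comment is optional" should read "The reason is optional", since the comment itself is what triggers the action.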