Skip to content

Beta version of Security feedback in Sigrid CI #750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
dennis-sig wants to merge 9 commits into
base: main
Choose a base branch
from
Draft

Beta version of Security feedback in Sigrid CI #750

dennis-sig wants to merge 9 commits into from

Conversation

@dennis-sig
Copy link
Contributor

@dennis-sig dennis-sig commented Nov 21, 2025

No description provided.

@dennis-sig dennis-sig self-assigned this Nov 21, 2025
@dennis-sig dennis-sig marked this pull request as draft November 21, 2025 06:51
@github-actions
Copy link

github-actions bot commented Nov 21, 2025
edited
Loading

Sigrid maintainability feedback

✅ You wrote maintainable code and achieved your objective of 3.5 stars

Show details

Sigrid compared your code against the baseline of 2025-11-20.

👍 What went well?

You fixed or improved 3 refactoring candidates.

Risk System property Location
🟡 Unit Complexity
(Fixed)		 src/reports/security_markdown_report.py
SecurityMarkdownReport.getFixedFindings(feedback)
🟡 Unit Complexity
(Fixed)		 src/reports/security_markdown_report.py
SecurityMarkdownReport.getIntroducedFindings(feedback,rules)
🟡 Unit Interfacing
(Fixed)		 src/reports/security_markdown_report.py
SecurityMarkdownReport.generateFindingsTable(findings,rules,options)

👎 What could be better?

Unfortunately, 6 refactoring candidates were introduced or got worse.

Risk System property Location
🟠 Module Coupling
(Worsened)		 src/reports/report.py
🟡 Unit Size
(Worsened)		 src/reports/security_markdown_report.py
SecurityMarkdownReport.renderMarkdown(analysisId,feedback,options)
🟡 Unit Interfacing
(Worsened)		 src/reports/security_markdown_report.py
SecurityMarkdownReport.renderMarkdown(analysisId,feedback,options)
🟡 Unit Interfacing
(Introduced)		 src/reports/osh_text_report.py
OpenSourceHealthTextReport.generate(analysisId,feedback,options)
🟡 Unit Interfacing
(Introduced)		 src/reports/security_text_report.py
SecurityTextReport.generate(analysisId,feedback,options)
🟡 Unit Interfacing
(Worsened)		 src/reports/report.py
MarkdownRenderer.renderMarkdownTemplate(feedback,options,details,sigridLink)

📚 Remaining technical debt

14 refactoring candidates didn't get better or worse, but are still present in the code you touched.

View this system in Sigrid to explore your technical debt

⭐️ Sigrid ratings

System property System on 2025-11-20 Before changes New/changed code
Volume 5.5 N/A N/A
Duplication 5.5 5.5 5.5
Unit Size 4.6 4.7 4.8
Unit Complexity 3.8 4.0 4.5
Unit Interfacing 2.2 2.3 2.3
Module Coupling 3.1 2.0 2.2
Component Independence 0.6 N/A N/A
Component Entanglement 1.7 N/A N/A
Maintainability 3.6 3.7 3.9

💬 Did you find this feedback helpful?

We would like to know your thoughts to make Sigrid better.
Your username will remain confidential throughout the process.

View this system in Sigrid

Sigrid Open Source Health feedback

✅ You achieved your objective of having no open source vulnerabilities.

Show details

Sigrid compared your code against the baseline of 2025-11-20.

View this system in Sigrid

Dennis Bijlsma added 3 commits November 21, 2025 07:58
Enable security (which won't work yet).
48147c1
Merge branch 'main' of github.com:Software-Improvement-Group/sigridci…
b9084d4 
… into security-ci

# Conflicts:
#	sigridci/sigridci/capability.py
#	sigridci/sigridci/reports/security_markdown_report.py
Update Security CI feedback based on Cheer's design.
5061c2e
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 2, 2025

Quality Gate Passed Quality Gate passed

Issues
17 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@dennis-sig dennis-sig

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dennis-sig