Checkmarx / ast-github-action

Checkmarx application security testing (AST) GitHub action
https://github.com/marketplace/actions/checkmarx-ast-github-action
Apache License 2.0

[ENHANCEMENT] the PR is not decorated with the summary of vulnerabilities #29

Closed alex46300 closed 2 years ago

alex46300 commented 2 years ago

Describe the bug

When we launch a triggered scan on a PR via a github-action (workflow.yml), the PR is not decorated with the summary of vulnerabilities reported by SAST / SCA / KICS.

Part of workflow.yml

- name: Checkmarx AST Github Action
  uses: Checkmarx/ast-github-action@main
  with:
    project_name: ${{ github.event.repository.name }}
    cx_tenant: ****
    base_uri: ****
    cx_client_id: ${{ steps.secrets.outputs.client-id }}
    cx_client_secret: ${{ steps.secrets.outputs.client-secret }}
    # scan_types: sast,kics,sca
    additional_params: >-
      --tags product_id:123456789-123456-789654123

Expected behavior


jbrotsos commented 2 years ago

Hey @alex46300 , this is currently a limitation on how we decorate PRs. For AST, it has to be done with the Import Project wizard. We have plans to support this in a few months (ETA April/May).

alex46300 commented 2 years ago

Hello @jbrotsos , I understand you didn't implement the feature for PRs, but it is a regression/bug for me because we use this feature with cxflow and the CxSAST platform, and we are now stuck in the integration of scan results into the team process.

robemmerson commented 2 years ago

Hey @jbrotsos, is there a confirmed date for implementing this functionality in AST/this action?

jbrotsos commented 2 years ago

@pedrompflopes can we close this? this has been updated in a previous release.

pedrompflopes commented 2 years ago

@jbrotsos @robemmerson @alex46300

This feature was released in the new version.

https://github.com/Checkmarx/ast-github-action/releases/tag/2.0.9

Please use it, and if you have questions reach out to us.
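A complete pull-request workflow using the inputs from the snippet above, as an added example that is not part of this issue or of the project's own documentation. It pins the action to the 2.0.9 release tag named in the thread instead of `@main`, so a PR scan runs a reviewed release rather than whatever the branch head happens to be (a full commit SHA would pin it harder still). The `on: pull_request` trigger and the `pull-requests: write` permission are assumptions about what PR decoration needs; the thread does not state them.

```yaml
# Added example (not from the issue): scan each pull request and pin the action
# to the release that carries the PR-decoration feature.
name: Checkmarx AST PR scan

on:
  pull_request:
    branches: [main]

permissions:
  contents: read
  pull-requests: write   # assumed: needed for the action to comment on the PR

jobs:
  cx-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Checkmarx AST Github Action
        # release tag from the thread; prefer a commit SHA for a stricter pin
        uses: Checkmarx/ast-github-action@2.0.9
        with:
          project_name: ${{ github.event.repository.name }}
          cx_tenant: ${{ secrets.CX_TENANT }}          # placeholder secret names
          base_uri: ${{ secrets.CX_BASE_URI }}
          cx_client_id: ${{ secrets.CX_CLIENT_ID }}
          cx_client_secret: ${{ secrets.CX_CLIENT_SECRET }}
          additional_params: >-
            --tags product_id:123456789-123456-789654123
```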