Closed pavelt-addepar closed 3 months ago
Thank you - we are covering this as part of #1287. We definitely agree that you should have the ability to define your own severity levels.
Closing as duplicate
Thank you for the response, I'll keep an eye on that ticket
This is more relevant to security scans than code quality scans, but it would be good if we could override the severity/score of a rule - for example if I wanted to report all SQLInjection results as CVSS 10.0 and XSS as CVSS 9.0. At the moment, the scanner returns 1-3 (High/Medium/Low) and there is no way (that I've found) to even modify that - in short, severity for each finding is hardcoded.
PMD offers something similar where you can set the priority of a rule in its XML, but it's not possible to set those options for the PMD-AppExchange engine.
Describe the solution that you want:
Ideally, we could pass a "mapping" file as an argument which will look something like this:
After the scan and before generating the output, it could update its findings with the mapping above. The file doesn't have to be yaml, this is just for illustration.
Describe alternatives that you've considered: None
Additional Context: N/A
Workaround:
At the moment we use a script to parse and update the results.
Urgency: Highly Beneficial
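
Added example, not part of the original issue or the scanner's own code: a post-processing step of the kind the workaround describes, which rewrites per-rule severity in a results file from a rule-to-CVSS mapping. The JSON layout (`violations`, `ruleName`, `severity`), the added `originalSeverity` and `cvssRating` fields, and the rule names in the sample are assumptions constructed for illustration.

```python
import json

# Constructed override mapping (rule name -> CVSS base score), per the issue's example.
OVERRIDES = {"SQLInjection": 10.0, "XSS": 9.0}

# Constructed sample of scanner output; the field names are an assumed layout.
SAMPLE_RESULTS = json.loads("""
[{"engine": "pmd-appexchange", "fileName": "classes/AccountSearch.cls",
  "violations": [
    {"ruleName": "SQLInjection", "severity": 2, "line": 14},
    {"ruleName": "xss", "severity": 3, "line": 40},
    {"ruleName": "UnusedVariable", "severity": 3, "line": 7}]}]
""")

def cvss_rating(score):
    """Qualitative rating for a CVSS v3.x base score."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    return "High" if score < 9.0 else "Critical"

def validate_overrides(overrides):
    """Lower-case the rule names and reject scores outside the CVSS range."""
    clean = {}
    for rule, score in overrides.items():
        score = float(score)
        if not 0.0 <= score <= 10.0:
            raise ValueError(f"{rule}: CVSS score {score} is outside 0.0-10.0")
        clean[rule.lower()] = score
    return clean

def apply_overrides(results, overrides):
    """Return (updated results, sorted unmapped rule names); input is not mutated."""
    table = validate_overrides(overrides)
    updated = json.loads(json.dumps(results))  # deep copy of JSON-compatible data
    unmapped = set()
    for entry in updated:
        for v in entry.get("violations", []):
            name = str(v.get("ruleName", ""))
            score = table.get(name.lower())
            if score is None:
                unmapped.add(name)  # finding keeps the engine's own severity
                continue
            # Keep the engine's value for audit, then override with the mapped score.
            v.update(originalSeverity=v.get("severity"), severity=score,
                     cvssRating=cvss_rating(score))
    return updated, sorted(unmapped)
```

The list of unmapped rule names is returned so that findings still carrying the engine's 1-3 value are visible rather than silently mixed with CVSS scores.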