reload / github-security-jira

Github Action for integrating Security Alerts with JIRA
MIT License

Feature Request: Could it be possible that once the alerts on dependabot are closed, the Jira ticket also closes automatically? #262

Open Shweta4398 opened 1 year ago

Shweta4398 commented 1 year ago

Hello Team,

I am reaching out to you regarding a new issue that we have encountered. Actually, we wanted a way wherein, when the dependabot alerts get closed from the security tab in GHAS, automatically the Jira tickets which are created using dependabot-workflow should also be closed.

Can you please help us with it?

Thanks, Shweta.

xendk commented 1 year ago

Would be a nice feature, but it depends on your workflow. In our case, it would be more handy if handling the Jira ticket would close the Dependabot alert as we handle the issues in Jira.

We have no current plans to implement something along these lines, but PRs are welcome.

markstos commented 1 year ago

@xendk Does it work now that closing the Jira issue closes the dependabot issue? I didn't see that feature mentioned in the README.

xendk commented 1 year ago

@markstos No, I was just thinking it would be handier for us than the other way around as suggested by the OP.

markstos commented 1 year ago

If there's no two-way connection, then doesn't this tool cause double the items to track -- all the alerts exist in both dependabot and Jira? Or is the idea that you just ignore the dependabot alerts piling up, or manually delete them periodically?

xendk commented 1 year ago

Dependabot closes its issues when the issue is fixed. So if you close the issue in Jira when you've dealt with it, then the dependabot listing only contains the ones you've decided to ignore. Some might consider this a feature.

This tool was built because dependabot alerts were poorly dealt with. In some companies Jira issues have higher visibility (I'd love to have customers and project managers actively following Github security issues, but this is not the reality I'm living in).

markstos commented 1 year ago

@xendk Thanks for the explanation. My company also uses Jira and not Github issues, so it may also help us.