FAQ

Pull Requests

How do I control when pull request status checks pass or fail?

Pull request status checks will fail when all of the following are true:

  1. One or more CRITICAL or HIGH findings are found in the pull request. This can be configured. See below.
  2. The findings in the head branch of the pull request differ from the findings in the base branch.

The logic behind (1) is that you probably don't care about MEDIUM and LOW severity findings enough to block the pull request.

The logic behind (2) is that if the pull request does not alter the security posture of your code, there is no reason to fail the pull request status check. For example, if the PR only changes a README, there is no reason to fail the PR status check.

How do I control the pull request status check thresholds?

Place a file .soluble/config.yml in your repository.

In it, add the following:

pr_status_thresholds:
  critical: 0
  high: 0
  medium: 999
  low: 999

You can adjust these default values to suit your needs.

When are pull request comments added?

Pull request comments are added when both of the following are true:

  1. There is a change in findings between the feature and base branches. If the pull request didn't alter the findings, no comment will be added.
  2. The pull request commit status check was set to failed. By default, PR status checks will be set to failed status if there are one or more critical or high findings.

We are trying to minimize the total amount of noise from pull request comments. They are very helpful to have, but can be quite irritating if there are too many.

Pull request comments can be disabled entirely.

How do I enable/disable pull request comments?

In your repo, add a file .soluble/config.yml. Inside that file set pr_comments_enabled to false:

pr_comments_enabled: false

This will disable pull request comments for this repo.
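
The status check and comment rules from the answers above, as an added Python example (not Soluble's own code). The function name evaluate_pr, the (finding_id, severity) tuple shape, the finding names, and the strict greater-than comparison against each threshold are assumptions inferred from the defaults on this page.

```python
from collections import Counter

# Defaults shown for .soluble/config.yml on this page.
DEFAULT_THRESHOLDS = {"critical": 0, "high": 0, "medium": 999, "low": 999}


def evaluate_pr(head, base, thresholds=None, pr_comments_enabled=True):
    """Return (status, add_comment) for a pull request.

    head/base are sets of (finding_id, severity) tuples. The tuple shape and
    the set comparison are assumptions; the page only says findings "differ".
    """
    limits = {**DEFAULT_THRESHOLDS, **(thresholds or {})}
    counts = Counter(severity.lower() for _, severity in head)

    # Rule 1: a severity count in the head branch is above its threshold.
    # With a threshold of 0, "one or more" findings trips the rule.
    over = any(counts[sev] > limit for sev, limit in limits.items())

    # Rule 2: the head findings are not identical to the base findings.
    changed = head != base

    status = "failed" if (over and changed) else "passed"
    # Comments need changed findings, a failed status, and the feature on.
    add_comment = pr_comments_enabled and changed and status == "failed"
    return status, add_comment


# Constructed sample findings (not real scanner output).
BASE = {("open-sg-22", "HIGH"), ("no-bucket-logging", "LOW")}

if __name__ == "__main__":
    cases = {
        "README-only change": BASE,
        "adds a HIGH finding": BASE | {("public-bucket", "HIGH")},
        # Literal reading of the two rules: the pre-existing HIGH still
        # counts once the findings differ, even though the PR removed one.
        "fixes the LOW, HIGH remains": {("open-sg-22", "HIGH")},
    }
    for name, head in cases.items():
        print(f"{name:30} -> {evaluate_pr(head, BASE)}")
```

Passing thresholds={"medium": 0} models a repository that also blocks on MEDIUM findings, and pr_comments_enabled=False models the config setting shown above.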

Git Providers

Do you support GitLab?

Not yet. We plan to soon.

Do you support BitBucket?

Not yet. We plan to soon.