Comment on page

Viewing results

Once the action is integrated with your repo, it will trigger scans on events such as push and pull requests. The results can be seen in the following interfaces: 1) GitHub PRs 2) CI logs

1) View results in GitHub Pull Requests

> Feedback inside PR comments

lstn will scan your project's dependencies and generate an automated comment on your pull request. This a top-level summary of the behaviours detected in the scan. For example:
lstn PR comment
For pull request events, scan results will appear in both a PR comment (similar to the one above) as well as the CI logs. For push events, scan results will only be viewable in the logs.

> Context, Prioritization and Recommendation

Expanding on the issues gives you a detailed view of the activities detected. This includes information such as:
  • Package info: name, version and nature of dependence (direct or transitive)
  • Priority: low, medium or critical
  • Context
    • description of activity (e.g. npm installed a process)
    • metadata (including execution trace, origin etc.)
    • Additional context to help you understand the activity better (e.g. if its a known behavior), why it exists, and how its relevant to you
  • Action or recommendation
Below is an example of a critical detection in expanded view:

> Code-level annotations (coming soon)

2) View results in CI logs

Results of scans in CI can also be viewed in GitHub workflow logs. In the example below, expanding on the workflow step labelled "Display lstn scan results" shows a summary in table form.
For information on policy enforcement, refer to the dedicated guide.

Last modified 7mo ago
© 2023 Garnet Labs