
Viewing results

Once the action is integrated with your repository, it triggers scans on events such as pushes and pull requests. The results can be viewed in two places: 1) GitHub pull requests 2) CI logs

1) View results in GitHub Pull Requests

> Feedback inside PR comments

lstn will scan your project's dependencies and post an automated comment on your pull request. This is a top-level summary of the behaviours detected in the scan. For example:
(Figure: lstn PR comment)
For pull request events, scan results appear both in a PR comment (like the one above) and in the CI logs. For push events, scan results are only viewable in the logs.

> Context, Prioritization and Recommendation

Expanding an issue gives you a detailed view of the activity detected. This includes:
  • Package info: name, version and nature of the dependency (direct or transitive)
  • Priority: low, medium or critical
  • Context
    • description of the activity (e.g. npm installed a process)
    • metadata (including execution trace, origin etc.)
    • additional context to help you understand the activity (e.g. whether it is a known behaviour), why it exists, and how it is relevant to you
  • Action or recommendation
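The fields above are what you work with when triaging findings in a workflow step. The script below is an added example, not lstn's code: it models one finding with those fields (the field names and the sample findings are assumptions, since this page does not show lstn's output format), ranks findings the way you would read them in the expanded view (critical before medium before low, direct dependencies before transitive ones), and renders both the top-level summary counts and a single expanded entry.

```python
from collections import Counter
from dataclasses import dataclass, field

# Priority levels named on the page, highest first.
PRIORITY_ORDER = {"critical": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    """One detected activity. The field set mirrors the page's expanded view;
    the exact names are an assumption, not lstn's schema."""
    package: str
    version: str
    dependence: str                  # "direct" or "transitive"
    priority: str                    # "low", "medium" or "critical"
    activity: str                    # description of the activity
    metadata: dict = field(default_factory=dict)  # execution trace, origin, ...
    context: str = ""                # e.g. known behaviour and why it exists
    recommendation: str = ""         # action or recommendation


def rank(findings):
    """Order findings for triage: highest priority first, direct dependencies
    before transitive ones at the same priority, then by package name."""
    return sorted(
        findings,
        key=lambda f: (PRIORITY_ORDER.get(f.priority, len(PRIORITY_ORDER)),
                       f.dependence != "direct",
                       f.package),
    )


def summary(findings):
    """Top-level counts per priority level, the shape of the PR-comment overview."""
    counts = Counter(f.priority for f in findings)
    return {level: counts.get(level, 0) for level in PRIORITY_ORDER}


def render_table(findings):
    """Markdown table of ranked findings, one row per detection."""
    rows = ["| Priority | Package | Dependence | Activity |",
            "|---|---|---|---|"]
    for f in rank(findings):
        rows.append(f"| {f.priority} | {f.package}@{f.version} | {f.dependence} | {f.activity} |")
    return "\n".join(rows)


def render_expanded(f):
    """Expanded view of one finding: package info, priority, context, action."""
    lines = [
        f"{f.package}@{f.version} ({f.dependence} dependency) - priority: {f.priority}",
        f"  activity: {f.activity}",
    ]
    for key, value in f.metadata.items():
        lines.append(f"  {key}: {value}")
    if f.context:
        lines.append(f"  context: {f.context}")
    if f.recommendation:
        lines.append(f"  action: {f.recommendation}")
    return "\n".join(lines)


# Constructed sample findings for demonstration only; not real scan output.
SAMPLE_FINDINGS = [
    Finding("left-padder", "2.0.1", "transitive", "low",
            "read environment variables at install time",
            {"origin": "postinstall"}, "common for build tooling", "review if it persists"),
    Finding("colorz", "1.4.0", "direct", "critical",
            "spawned a shell process and opened a network connection",
            {"trace": "npm install -> sh -> curl", "origin": "preinstall"},
            "not expected for a formatting library",
            "pin to a previous version and investigate"),
    Finding("tiny-http-client", "0.9.2", "transitive", "medium",
            "wrote a file outside node_modules",
            {"origin": "postinstall"}, "", "check the written path"),
]


if __name__ == "__main__":
    print(summary(SAMPLE_FINDINGS))
    print(render_table(SAMPLE_FINDINGS))
    print(render_expanded(rank(SAMPLE_FINDINGS)[0]))
```

Run stand-alone it prints the summary counts, the ranked table and the expanded view of the top-ranked finding; in a workflow you would feed it the scan output instead of the constructed sample.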
Below is an example of a critical detection in expanded view:

> Code-level annotations (coming soon)

2) View results in CI logs

Scan results can also be viewed in the GitHub workflow logs. In the example below, expanding the workflow step labelled "Display lstn scan results" shows a summary in table form.
For information on policy enforcement, refer to the dedicated guide.

© 2023 Garnet Labs