Misc: Add script creating DCA source suites from MRVA #19232
Open
The script takes the URL of a MRVA exported Gist and uses it to produce a source suite compatible with DCA. At present, you have to manually specify the language on the command line, using the `--language` parameter. Also supports `--min` and `--max` parameters if you want to limit the sources to ones with a bounded number of alerts.
Pull Request Overview
This PR adds a Python script to convert a MRVA-exported GitHub Gist into a DCA-compatible source suite, with support for specifying the analysis language and filtering by alert count.
- Introduces `mrva-to-dca-source-suite.py` to clone a MRVA Gist, parse its summary, and generate a YAML source suite
- Adds command-line arguments `--language`, `--min`, and `--max`
- Implements parsing for repo alert counts and SHA extraction to populate the suite
Comments suppressed due to low confidence (3)
misc/scripts/mrva-to-dca-source-suite.py:6
- The import `defaultdict` is never used in this script. Please remove it to avoid unused imports.
from collections import defaultdict
misc/scripts/mrva-to-dca-source-suite.py:56
- [nitpick] The variable name `d` is ambiguous. Consider renaming it to `alert_counts` or a more descriptive name.
d = {}
misc/scripts/mrva-to-dca-source-suite.py:108
- The filtering logic for `filtered_alerts` (min/max bounds) isn't covered by existing tests; please add unit tests validating boundary conditions.
filtered_alerts = {
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>