Metrics

SASTisfaction collects some data for analytics purposes:

  • runtime errors of the GitHub App
  • GitHub webhook information, including a link to the PR that triggered the code scan
  • static analysis rule violations and their code locations
  • code scan duration
  • interactions with SASTisfaction comments

Permissions

The GitHub App requests the following permissions:

  • read/write access to checks
    • used to update the list of checks that are performed on a PR
  • read/write access to content
    • used to perform a shallow clone of the PR to be analyzed locally by Semgrep
  • read/write access to discussions
    • used to collect interactions with comments made on PRs
    • SASTisfaction interacts with these comments and also uses them to gauge issue validity
  • read-only access to metadata
    • a required permission of all GitHub Apps
  • read/write access to pull requests
    • used to know when a pull request is made on the repo
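
An organization that installs the app can check that the permissions actually granted still match the list above. The following is an added example, not SASTisfaction's own code: it assumes the `permissions` object shape that GitHub's REST API returns for an app installation, maps "content" and "pull requests" to the API keys `contents` and `pull_requests`, and runs on a constructed sample.

```python
import json

# Documented permission set from the list above, expressed with GitHub REST API
# permission keys (assumed mapping: "content" -> contents,
# "pull requests" -> pull_requests; "read/write" is reported as "write").
DOCUMENTED = {
    "checks": "write",
    "contents": "write",
    "discussions": "write",
    "metadata": "read",
    "pull_requests": "write",
}
LEVELS = {"read": 1, "write": 2, "admin": 3}


def audit_installation(installation: dict) -> list[str]:
    """Return findings where granted permissions differ from the documented set."""
    granted = installation.get("permissions", {})
    findings = []
    for name, level in sorted(granted.items()):
        if name not in DOCUMENTED:
            # A scope the documentation never mentions.
            findings.append(f"undocumented: {name}={level}")
        elif LEVELS.get(level, 99) > LEVELS[DOCUMENTED[name]]:
            # Unknown levels rank highest so they are flagged, not ignored.
            findings.append(
                f"escalated: {name}={level} (documented {DOCUMENTED[name]})"
            )
    for name in sorted(DOCUMENTED.keys() - granted.keys()):
        findings.append(f"not granted: {name}")
    return findings


# Constructed sample: an installation record with one extra scope and one
# documented scope missing. Not real data.
SAMPLE = json.loads("""
{
  "app_slug": "example-app-slug",
  "permissions": {
    "checks": "write",
    "contents": "write",
    "metadata": "read",
    "pull_requests": "write",
    "administration": "read"
  }
}
""")

if __name__ == "__main__":
    for finding in audit_installation(SAMPLE):
        print(finding)
```

An empty result means the installation matches the documented set; any finding is a reason to review the installation before approving an updated permission request.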