Opened 5 years ago
Last modified 4 months ago
#5637 accepted enhancement
Email alert to plugin committer when security scanner triggers a change
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Component: | Plugin Directory | Keywords: | |
| Cc: |
Description
The plugin security scanner output is currently only seen by the plugin review team: https://make.wordpress.org/meta/2021/02/19/reducing-the-plugin-review-teams-workload-through-automation/
In order to get feedback on the scan quality, and also to help plugin developers improve their code, we should email an alert to developers when their commit causes a new error in the scan.
Scans should be run with warnings suppressed. I'm not sure whether it's better to only include the new warning, or to simply send the entire output - we probably need to experiment with that.
Change History (2)
Note: See
TracTickets for help on using
tickets.
I'm working on this over here: https://github.com/WordPress/wporg-code-analysis/pull/18