Introduce org setting enable_security_scan #591
Conversation
Codecov Report
@@ Coverage Diff @@
## master #591 +/- ##
============================================
- Coverage 99.14% 99.11% -0.03%
- Complexity 1910 1923 +13
============================================
Files 301 304 +3
Lines 6072 6117 +45
============================================
+ Hits 6020 6063 +43
- Misses 52 54 +2
Continue to review full report at Codecov.
|
| @@ -256,6 +261,11 @@ public function changeAnonymousAccess(bool $hasAnonymousAccess): void | |||
| $this->hasAnonymousAccess = $hasAnonymousAccess; | |||
| } | |||
|
|
|||
| public function enableSecurityScan(bool $enableSecurityScan): void | |||
There was a problem hiding this comment.
| public function enableSecurityScan(bool $enableSecurityScan): void | |
| public function changeSecurityScanAvailability(bool $enabled): void |
?
| @@ -93,4 +95,9 @@ public function hasAnonymousAccess(): bool | |||
| { | |||
| return $this->hasAnonymousAccess; | |||
| } | |||
|
|
|||
| public function isSecurityScanEnabled(): bool | |||
There was a problem hiding this comment.
Could all methods/properties referring security scan be unified?
There was a problem hiding this comment.
I can't follow. What do you mean by "unified"? Can you give a better example?
| @@ -29,7 +29,8 @@ public function __invoke(AddPackage $message): void | |||
| $message->type(), | |||
| $message->url(), | |||
| $message->metadata(), | |||
| $message->keepLastReleases() | |||
| $message->keepLastReleases(), | |||
| $message->hasSecurityScanEnabled() | |||
There was a problem hiding this comment.
You have the organization here in the handler, you do not have to pass this feature through a message object.
$organization = $this->organization->getById(Uuid::fromString($message->organizationId()));
$organization->addPackage(new Package(..., $organization->hasEnabledSecurityScan()));| use Ramsey\Uuid\Uuid; | ||
| use Symfony\Component\Messenger\Handler\MessageHandlerInterface; | ||
|
|
||
| final class EnableSecurityScanHandler implements MessageHandlerInterface |
There was a problem hiding this comment.
| final class EnableSecurityScanHandler implements MessageHandlerInterface | |
| final class ChangeSecurityScanConfigurationHandler implements MessageHandlerInterface |
|
Any update on this? |
|
good question ;) Sadly I completely lost track of this issue due to a lot of other things I had to focus on. Let me know which of the findings need to be fixed before the PR can be merged and I'll see that I can take care soonish. |
As discussed in #575 introduce a setting for the organization to define the default for new packages.
When a new organization is created the default value for the
enable_security_scanconfiguration is true to stick to the previous defaults. The setting can be changed afterward in the respective form like this:When a new package is created the default value for
enable_security_scanflag on the package level is set to the value defined in the organization settings.As you can see in the screenshot above, changing the setting on the organization level does not change the settings for all packages of that organization. It just will change the default value for newly created packages.