Skip to content

Misc: Add script creating DCA source suites from MRVA #19232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Misc: Add script creating DCA source suites from MRVA #19232

wants to merge 2 commits into from
+134 −0

Conversation

tausbn
Copy link
Contributor

@tausbn tausbn commented Apr 7, 2025

The script takes the URL of a MRVA exported Gist and uses it to produce a source suite compatible with DCA.

At present, you have to manually specify the language on the commandline, using the --language parameter.

Also supports --min and --max parameters if you want to limit the sources to ones with a bounded number of alerts.

@tausbn
Misc: Add script creating DCA source suites from MRVA
483cd92 
The script takes the URL of a MRVA exported Gist and uses it to produce
a source suite compatible with DCA.

At present, you have to manually specify the language on the
commandline, using the `--language` parameter.

Also supports `--min` and `--max` parameters if you want to limit the
sources to ones with a bounded number of alerts.
@tausbn tausbn added the no-change-note-required This PR does not need a change note label May 1, 2025
@tausbn tausbn marked this pull request as ready for review May 1, 2025 13:17
@Copilot Copilot AI review requested due to automatic review settings May 1, 2025 13:17
Copilot
Copilot AI reviewed May 1, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a Python script to convert a MRVA-exported GitHub Gist into a DCA-compatible source suite, with support for specifying the analysis language and filtering by alert count.

  • Introduces mrva-to-dca-source-suite.py to clone a MRVA Gist, parse its summary, and generate a YAML source suite
  • Adds command-line arguments --language, --min, and --max
  • Implements parsing for repo alert counts and SHA extraction to populate the suite
Comments suppressed due to low confidence (3)

misc/scripts/mrva-to-dca-source-suite.py:6

  • The import defaultdict is never used in this script. Please remove it to avoid unused imports.
from collections import defaultdict

misc/scripts/mrva-to-dca-source-suite.py:56

  • [nitpick] The variable name d is ambiguous. Consider renaming it to alert_counts or a more descriptive name.
        d = {}

misc/scripts/mrva-to-dca-source-suite.py:108

  • The filtering logic for filtered_alerts (min/max bounds) isn't covered by existing tests; please add unit tests validating boundary conditions.
    filtered_alerts = {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tausbn