Skip to content

Handle suppressions#854

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 16 commits intomainfrom
julien/add-suppressions
Mar 23, 2026
Merged

Handle suppressions#854
gh-worker-dd-mergequeue-cf854d[bot] merged 16 commits intomainfrom
julien/add-suppressions

Conversation

@juli1
Copy link
Copy Markdown
Collaborator

@juli1 juli1 commented Mar 18, 2026

What problem are you trying to solve?

We want to keep suppressed violations and annotate them in the SARIF file.

What is your solution?

When a user ignore a violation using no-dd-sa, we are keeping the violation but annotate it as suppressed. In the SARIF file.

@juli1 juli1 requested a review from a team as a code owner March 18, 2026 14:45
@juli1 juli1 requested a review from Copilot March 18, 2026 14:46
@datadog-official

This comment has been minimized.

Sign in to view
Copilot AI reviewed Mar 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces first-class support for inline suppression (no-dd-sa / datadog-disable) by keeping suppressed violations in the analysis results and emitting them as SARIF suppressions instead of dropping them entirely.

Changes:

  • Added an is_suppressed flag to the core Violation model and initialized it across constructors/tests.
  • Updated analysis ignore handling to mark violations as suppressed rather than removing them.
  • Updated SARIF generation to emit suppressions entries for suppressed violations.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
crates/static-analysis-kernel/src/model/violation.rs Adds is_suppressed to the shared Violation model.
crates/static-analysis-kernel/src/analysis/ddsa_lib/js/violation.rs Initializes is_suppressed when converting JS violations into Rust model violations.
crates/static-analysis-kernel/src/analysis/analyze.rs Changes ignore behavior from filtering violations out to marking them suppressed; updates tests accordingly.
crates/cli/src/sarif/sarif_utils.rs Emits SARIF suppressions when a violation is marked suppressed; updates tests/fixtures.
crates/cli/src/rule_utils.rs Ensures converted secret results populate the new field.
crates/cli/src/file_utils.rs Updates tests/fixtures constructing Violation to include the new field.
crates/cli/src/csv.rs Updates CSV test fixture to include the new field.
AGENTS.md Adds repository overview and testing guidelines.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread crates/static-analysis-kernel/src/model/violation.rs
Comment thread crates/static-analysis-kernel/src/analysis/analyze.rs
jasonforal
jasonforal reviewed Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@jasonforal jasonforal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some line comments. We also need to carry this logic into the git hook.

Comment thread crates/cli/src/rule_utils.rs
Comment thread crates/bins/src/bin/datadog-static-analyzer.rs
Comment thread crates/cli/src/sarif/sarif_utils.rs Outdated
Comment thread crates/cli/src/sarif/sarif_utils.rs Outdated
Comment thread AGENTS.md
@juli1 juli1 requested a review from jasonforal March 23, 2026 17:03
jasonforal
jasonforal previously approved these changes Mar 23, 2026
View reviewed changes
Comment thread crates/bins/src/bin/datadog-static-analyzer.rs
@juli1
Copy link
Copy Markdown
Collaborator Author

juli1 commented Mar 23, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Mar 23, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-23 18:11:05 UTC ℹ️ Start processing command /merge

2026-03-23 18:11:14 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

2026-03-23 21:41:07 UTC ℹ️ MergeQueue: merge request added to the queue

The expected merge time in main is approximately 21m (p90).

2026-03-23 21:59:25 UTC ℹ️ MergeQueue: This merge request was merged

@juli1 juli1 requested a review from jasonforal March 23, 2026 20:40
jasonforal
jasonforal previously approved these changes Mar 23, 2026
View reviewed changes
@juli1 juli1 requested a review from jasonforal March 23, 2026 21:40
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit 520429d into main Mar 23, 2026
105 of 108 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the julien/add-suppressions branch March 23, 2026 21:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jasonforal jasonforal jasonforal approved these changes

Assignees

No one assigned

Labels

mergequeue-status: done

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@juli1 @jasonforal