[dev] [carhartlewis] lewis/aikido-integration #1942
Conversation
PR Summary: Adds Aikido Security integration with three compliance checks and registers it; renames the 2FA task mapping to
Written by Cursor Bugbot for commit 28821fc. This will update automatically on new commits.
Graphite Automations: "Auto-assign PRs to Author" took an action on this PR (12/17/25). 1 reviewer was added to this PR based on Mariano Fuentes's automation.
| const snoozedGroups: AikidoIssueGroup[] = []; | ||
| if (includeSnoozed) { | ||
| ctx.log('Note: Snoozed issues are not included in this check'); | ||
| } |
Bug: Include snoozed option has no effect
The include_snoozed variable is exposed to users with help text stating "If enabled, snoozed issues will also be counted as open", but the implementation doesn't actually fetch snoozed issues. The code just initializes an empty snoozedGroups array and logs a note when the option is enabled, then spreads that empty array into allIssues. Users enabling this setting will expect snoozed issues to be included in the check, but the feature has no effect.
| const fixedVersion = issue.patched_versions?.[0]; | ||
| const remediation = fixedVersion | ||
| ? `Update ${issue.affected_package} to version ${fixedVersion}` | ||
| : 'Review the issue in Aikido and apply the recommended fix'; |
Bug: Remediation message shows "undefined" when package missing
The remediation message uses issue.affected_package without checking if it's defined. According to the type definition, affected_package is optional (affected_package?: string), but patched_versions is also optional and checked independently. If an issue has patched_versions but no affected_package (possible for certain issue types like SAST or configuration issues), the remediation message would display "Update undefined to version X.Y.Z", which is confusing to users.
| const response = await ctx.fetch<AikidoIssueGroup[] | AikidoIssueGroupsResponse>( | ||
| 'open-issue-groups', | ||
| { | ||
| params: { per_page: '100' }, | ||
| }, | ||
| ); |
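Review bot: Beyond the missing `page` parameter (a single request with `per_page: '100'` is made here), the response is typed as `AikidoIssueGroup[] | AikidoIssueGroupsResponse`, and whatever unwraps that union should treat an unrecognised body as an error rather than as an empty list: for a security gate, a fallback to `[]` reports zero open issues and lets the check pass silently. Suggest looping over `page` until a short page is returned, with an upper bound on the number of pages, and throwing on an unexpected response shape.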
Pagination is not handled. Only the first 100 issue groups are fetched, so issues beyond that limit will not be reported.
This is a critical security check - if there are 101+ open security issues, only the first 100 will be detected and the rest will be silently ignored, potentially missing critical vulnerabilities.
```ts
// Need to implement pagination loop
let allIssueGroups: AikidoIssueGroup[] = [];
let page = 1;
let hasMore = true;
while (hasMore) {
  const response = await ctx.fetch<AikidoIssueGroup[] | AikidoIssueGroupsResponse>(
    'open-issue-groups',
    { params: { per_page: '100', page: String(page) } }
  );
  const groups = Array.isArray(response) ? response : (response.groups ?? response.issue_groups ?? []);
  allIssueGroups = allIssueGroups.concat(groups);
  hasMore = groups.length === 100;
  page++;
}
```
Spotted by Graphite Agent
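As an added example (not code from this PR or from the project), the two points raised in the comments above, paginating `open-issue-groups` and building a remediation message that copes with a missing `affected_package`, handled together in one place. The `page` query parameter, the `MAX_PAGES` ceiling and the two accepted response shapes are assumptions, and the fetcher is a constructed stand-in for `ctx.fetch`.

```typescript
// Added example, not the PR's code. Assumptions: the API accepts a `page` query
// parameter and answers either with a bare array or with an object carrying
// `groups` / `issue_groups`; MAX_PAGES is an arbitrary safety ceiling.
type AikidoIssueGroup = {
  id: number;
  affected_package?: string;
  patched_versions?: string[];
};
type AikidoIssueGroupsResponse = { groups?: AikidoIssueGroup[]; issue_groups?: AikidoIssueGroup[] };
type PageFetcher = (params: { per_page: string; page: string }) => Promise<unknown>;

const PER_PAGE = 100;
const MAX_PAGES = 50; // hard ceiling so a misbehaving API cannot loop forever

// Accept the two known shapes; anything else is an error rather than "no issues",
// so an API change makes the check fail closed instead of passing silently.
function parseIssueGroups(body: unknown): AikidoIssueGroup[] {
  if (Array.isArray(body)) return body as AikidoIssueGroup[];
  if (body && typeof body === 'object') {
    const r = body as AikidoIssueGroupsResponse;
    const groups = r.groups ?? r.issue_groups;
    if (Array.isArray(groups)) return groups;
  }
  throw new Error('Unexpected open-issue-groups response shape');
}

// Fetch every page; a short page marks the end, and exceeding MAX_PAGES is an error
// rather than a silent truncation of the issue list.
async function fetchAllIssueGroups(fetchPage: PageFetcher): Promise<AikidoIssueGroup[]> {
  const all: AikidoIssueGroup[] = [];
  for (let page = 1; page <= MAX_PAGES; page++) {
    const groups = parseIssueGroups(await fetchPage({ per_page: String(PER_PAGE), page: String(page) }));
    all.push(...groups);
    if (groups.length < PER_PAGE) return all;
  }
  throw new Error(`More than ${MAX_PAGES * PER_PAGE} issue groups; refusing to truncate silently`);
}

// Only produce the "Update X to version Y" form when both parts are actually present.
function remediationFor(issue: AikidoIssueGroup): string {
  const fixedVersion = issue.patched_versions?.[0];
  if (fixedVersion && issue.affected_package) {
    return `Update ${issue.affected_package} to version ${fixedVersion}`;
  }
  return 'Review the issue in Aikido and apply the recommended fix';
}

// Constructed stand-in for ctx.fetch: `total` groups served in pages of PER_PAGE.
function makeFakeFetcher(total: number): PageFetcher {
  const groups: AikidoIssueGroup[] = Array.from({ length: total }, (_, i) => ({ id: i + 1 }));
  return async ({ page }) => groups.slice((Number(page) - 1) * PER_PAGE, Number(page) * PER_PAGE);
}
```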
This is an automated pull request to merge lewis/aikido-integration into dev.
It was created by the [Auto Pull Request] action.