CodeQL Findings Should be Reported in Filename Order in Pull Requests

[davewichers]

Select Topic Area

Product Feedback

Body

When running CodeQL on a PR, and then reporting the CodeQL findings in the PR Conversation, please sort the reported CodeQL findings by filename so that:

1. All the CodeQL findings for a file are listed together per file,
2. If there are multiple CodeQL findings for 1 file, they should be listed in line number order from lowest to highest
3. The CodeQL findings are reported in file order alphabetically, to match the same order the file changes are listed on the Files Changed tab.

For example, if you had files Foo1 through Foo5 added or changed, the CodeQL findings should be ordered from file Foo1 through Foo5. Right now I'm seeing examples like CodeQL finding in: File2, then File5, then File1, then another in File5, then File3, etc. which is very confusing.

[davewichers]

@tsukipond8531- Thanks for the feedback on this. Your comment was marked as spam for some reason. I don't know why. I'm not asking HOW to do this, I'm trying to provide feedback to GitHub directly that THEY should do this when a project enables CodeQL analysis via the project's security configuration. You can see I marked this with 'Product Feedback'. Is this how you provide feedback like this to GitHub? I tried using the support email, and they redirected me here. Is anyone from GitHub itself monitoring these discussions?

[jketema]

Hi @davewichers,

We accidentally transferred the issue you created for this to a private repo, apologies for this. Unfortunately it cannot be transferred back, as private to public transfers are not possible. Your suggestion is a sensible one though, and we'll take it into consideration.