-
Notifications
You must be signed in to change notification settings - Fork 2k
fix(container-analysis): Update createNote.js to replace vulnerability with attestation #4182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
In line with b/411423334, replace references to storing vulnerabilities with storing attestations in the Artifact Analysis documentation, including code samples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Summary of Changes
Hello @lvoelz, I'm Gemini Code Assist1 ! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request updates a JavaScript code sample (createNote.js) within the Google Cloud Artifact Analysis documentation. The primary goal is to modernize the example by replacing references and code for creating notes about software vulnerabilities with those for creating notes about attestations. This ensures the documentation provides accurate and up-to-date guidance for users interacting with the Artifact Analysis service.
Highlights
- Documentation Update: The
createNote.jscode sample, used in Artifact Analysis documentation, has been updated to reflect current practices. - Vulnerability to Attestation: The code now demonstrates creating notes for "attestations" instead of "vulnerabilities", aligning with updated terminology and functionality.
- Code Sample Refinement: The
noteobject structure was modified, replacing thevulnerabilityfield with anattestationfield, including ahumanReadableNamehint.
Using Gemini Code Assist
The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.
Invoking Gemini
You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.
| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review |
Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary |
Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in issue comments and review comments. |
| Help | /gemini help |
Displays a list of available commands. |
Customization
To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.
Limitations & Feedback
Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.
You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.
Footnotes
-
Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code Review
This pull request updates the createNote.js sample to create an attestation note instead of a vulnerability note. While the change correctly replaces the note type, it introduces a critical issue by using an undefined variable attestationAuthorityName, which will cause the script to fail at runtime. I have provided a specific comment with a suggestion to resolve this.
changed variable to string Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
briandorsey
commented
Sep 12, 2025
Updated the PR title to make the "conventionalcommits" check happy.
@briandorsey
briandorsey
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from a samples perspective. Author is subject matter expert in container-analysis.
cff0d81
into
GoogleCloudPlatform:main
@wkozlik
wkozlik
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Update createNote.js to replace references to storing vulnerabilities with storing attestations in the Artifact Analysis documentation, including code samples. The updated code sample will appear in https://cloud.google.com/artifact-analysis/docs/create-notes-occurrences and any other topics that reference it in the google cloud documentation. Additional pull requests will be sent to update the equivalent code samples for Go, Java, Python, and Ruby.