- Notifications
You must be signed in to change notification settings - Fork2.9k
Update CreateNote.java to use attestations instead of vulnerabilities#10177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Update custom note creation code samples (as seen inhttps://cloud.google.com/artifact-analysis/docs/create-notes-occurrences#artifact-analysis-create-note-java) to use attestations instead of vulnerabilities, to align with the changes needed for go/aa-deprecate-3p-metadata.
Summary of ChangesHello@lvoelz, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request updates a Java code sample ( Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on ourdocumentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on@gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign uphere. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with theGemini Code Assist IDE Extension. Footnotes
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
iennae commentedOct 28, 2025
/gemini review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Code Review
This pull request updates theCreateNote.java code sample to useAttestationNote instead ofVulnerabilityNote, which aligns with the stated goal. The code change itself is correct. However, I've noticed that a related code comment was not updated, creating an inconsistency. My review includes a suggestion to fix this for better code clarity.
| .setKind(Version.VersionKind.MINIMUM)) | ||
| .setAffectedVersionEnd(Version.newBuilder() | ||
| .setKind(Version.VersionKind.MAXIMUM)))) | ||
| .setAttestation(AttestationNote.newBuilder() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The code has been updated to useAttestationNote, but the comment on the preceding line (43) is now outdated as it still refers to 'vulnerability'. To maintain code clarity and prevent confusion, please update the comment to reflect that an 'attestation' note is being created.
Suggested change for line 43:
// Here, we use the type "attestation"
Update custom note creation code samples (as seen inhttps://cloud.google.com/artifact-analysis/docs/create-notes-occurrences#artifact-analysis-create-note-java) to use attestations instead of vulnerabilities, to align with the changes needed for go/aa-deprecate-3p-metadata.