
Why am I not seeing PR/MR comments?


Why can I not see PR/MR comments on my CI platform? I have created my CI config file correctly and have installed the Semgrep app in my organization. I am able to get email notifications working, but not the others.


Solution

  • First, make sure that your CI config file has the rule that allows PR/MR comment scanning. For GitHub Actions this is the pull_request: {} entry under on:, whereas for GitLab you will have to use the - if: $CI_MERGE_REQUEST_IID rule. For other CI platforms, see the Sample CI configurations section of the Semgrep Docs.

  • Second, make sure you are actually performing a PR/MR scan. You can confirm this in the run logs/CLI logs. The triggering event of the scan should be pull_request and not anything else, such as push. [Screenshot: scan with a push trigger event.]

  • Finally, Semgrep only leaves PR comments on brand-new issues, which will require changing the source code that is being scanned or re-instating your current project.
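
One way to check the first two points from a shell, as an added example that is not part of the original answer or Semgrep's own tooling. The function names are hypothetical, the config check is a text heuristic rather than a YAML parser, and the run check relies on the predefined CI variables GITHUB_ACTIONS, GITHUB_EVENT_NAME, GITLAB_CI, CI_MERGE_REQUEST_IID and CI_PIPELINE_SOURCE.

```shell
#!/usr/bin/env bash
# Added diagnostic sketch; function names are hypothetical, not Semgrep tooling.

# Point 1: does the CI config file contain the PR/MR trigger?
# usage: config_has_pr_trigger github|gitlab <config-file>
# Text heuristic only (no YAML parsing); commented-out lines do not count.
config_has_pr_trigger() {
  case "$1" in
    github) pattern='^([^#]*[^A-Za-z_#])?pull_request([^A-Za-z_]|$)' ;;
    gitlab) pattern='^[^#]*\$CI_MERGE_REQUEST_IID' ;;
    *) return 2 ;;
  esac
  grep -Eq "$pattern" "$2"
}

# Point 2: what triggered the current CI run?
# Prints "pr" for a pull/merge request scan, otherwise the triggering
# event (for example "push"), or "unknown" outside both platforms.
scan_trigger() {
  if [ "${GITHUB_ACTIONS:-}" = "true" ]; then
    case "${GITHUB_EVENT_NAME:-}" in
      pull_request) echo pr ;;
      *) echo "${GITHUB_EVENT_NAME:-unknown}" ;;
    esac
  elif [ "${GITLAB_CI:-}" = "true" ]; then
    if [ -n "${CI_MERGE_REQUEST_IID:-}" ]; then
      echo pr
    else
      echo "${CI_PIPELINE_SOURCE:-unknown}"
    fi
  else
    echo unknown
  fi
}

# One-line verdict to print in the job log before the scan step.
explain_run() {
  trigger=$(scan_trigger)
  if [ "$trigger" = "pr" ]; then
    echo "PR/MR scan: comments are possible, but only for brand-new issues"
  else
    echo "trigger is '$trigger', not a pull/merge request: no PR/MR comments"
  fi
}
```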