I’ve been reading through the code scanning docs and after configuring it for my repo it flagged some issues which was great. Then I did some pushes to fix some of the issues and they got marked as “Fixed”. However they still show on the “is:open” filter and they count towards the total number of security issues on the “Security tab” of the repo.
On the Fixing an alert doc it says:
“If you have write permission for a repository, you can view fixed alerts by viewing the summary of alerts and clicking Closed. […] The “Closed” list shows fixed alerts and alerts that users have closed.”
This is happening to me on this public repo of mine. The filter
is:open "Useless assignment to local variable" on code scanning shows what I mean, it returns 3 fixed alerts.
Am I missing something obvious? Shouldn’t the fixed alerts be in the closed state?