update docs with instructions for customizable PR/MR comments (#2197)

khorne3 · web-flow · commit cc25104e6858 · 2025-06-17T15:24:22.000-05:00
* add component on creating custom PR and MR comments

* add component to required pages

* update supported link types

* add screenshot
diff --git a/docs/semgrep-appsec-platform/azure-pr-comments.md b/docs/semgrep-appsec-platform/azure-pr-comments.md
@@ -10,6 +10,7 @@ tags:
 
 <!-- vale off -->
 
+import CustomComments from "/src/components/procedure/_customize_pr_mr_comments.mdx"
 import DeploymentJourney from "/src/components/concept/_deployment-journey.mdx"
 import CommentTriggers from "/src/components/reference/_comment-triggers.mdx"
 import PrCommentsInSast from "/src/components/procedure/_pr-comments-in-sast.mdx"
@@ -115,6 +116,10 @@ steps:
 
 <CommentsInSupplyChain />
 
+## Customize PR comments
+
+<CustomComments comment_type="PR" link_type="HTML, Markdown, and plaintext" />
+
 ## Next steps
 
 <NextAfterComments />
diff --git a/docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments.md b/docs/semgrep-appsec-platform/bitbucket-cloud-pr-comments.md
@@ -11,6 +11,7 @@ tags:
 
 <!-- vale off -->
 
+import CustomComments from "/src/components/procedure/_customize_pr_mr_comments.mdx"
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 import TroubleshootingPrLinks from "/src/components/reference/_troubleshooting-pr-links.mdx"
@@ -205,6 +206,10 @@ Bitbucket Premium provides [<i class="fas fa-external-link fa-xs"></i> access co
 Only rules set to the **Comment** and **Block** rule modes in the [Policies page](https://semgrep.dev/orgs/-/policies) create PR comments.
 :::
 
+## Customize PR comments
+
+<CustomComments comment_type="PR" link_type="Markdown and plaintext" />
+
 ## Next steps
 
 <NextAfterComments />
diff --git a/docs/semgrep-appsec-platform/bitbucket-data-center-pr-comments.md b/docs/semgrep-appsec-platform/bitbucket-data-center-pr-comments.md
@@ -11,6 +11,7 @@ tags:
 
 <!-- vale off -->
 
+import CustomComments from "/src/components/procedure/_customize_pr_mr_comments.mdx"
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 import TroubleshootingPrLinks from "/src/components/reference/_troubleshooting-pr-links.mdx"
@@ -73,6 +74,10 @@ Confirm that you have the correct connection and access:
 
 <DisableComments />
 
+## Customize PR comments
+
+<CustomComments comment_type="PR" link_type="Markdown and plaintext" />
+
 ## Next steps
 
 <NextAfterComments />
diff --git a/docs/semgrep-appsec-platform/github-pr-comments.md b/docs/semgrep-appsec-platform/github-pr-comments.md
@@ -11,6 +11,7 @@ tags:
 
 <!-- vale off -->
 
+import CustomComments from "/src/components/procedure/_customize_pr_mr_comments.mdx"
 import EnableAutofix from "/src/components/procedure/_enable-autofix.mdx"
 import DeploymentJourney from "/src/components/concept/_deployment-journey.mdx"
 import DisplayTaintedDataIntro from "/src/components/concept/_semgrep-code-display-tainted-data.mdx"
@@ -142,6 +143,10 @@ Both GitHub and GitLab provide features to prevent or block a PR or MR from merg
 </tr>
 </table>
 
+### Customize PR comments
+
+<CustomComments comment_type="PR" link_type="HTML, Markdown, and plaintext" />
+
 ## Next steps
 
 <NextAfterComments />
diff --git a/docs/semgrep-appsec-platform/gitlab-mr-comments.md b/docs/semgrep-appsec-platform/gitlab-mr-comments.md
@@ -12,6 +12,7 @@ tags:
 
 <!-- vale off -->
 
+import CustomComments from "/src/components/procedure/_customize_pr_mr_comments.mdx"
 import EnableAutofix from "/src/components/procedure/_enable-autofix.mdx"
 import DisplayTaintedDataIntro from "/src/components/concept/_semgrep-code-display-tainted-data.mdx"
 import CommentTriggers from "/src/components/reference/_comment-triggers.mdx"
@@ -114,6 +115,10 @@ To enable dataflow traces in your CI pipeline, fulfill the following prerequisit
 - Not all Semgrep rules or rulesets make use of taint tracking. Ensure that you have a ruleset, such as the **default ruleset** added in your **[Policies](https://semgrep.dev/orgs/-/policies)**. If this ruleset is not added, go to [https://semgrep.dev/p/default](https://semgrep.dev/p/default), and then click **Add to Policy**. You can add rules that use taint tracking from [Semgrep Registry](https://semgrep.dev/explore).
 :::
 
+### Customize MR comments
+
+<CustomComments comment_type="MR" link_type="HTML, Markdown, and plaintext" />
+
 ## Next steps
 
 <NextAfterComments />
diff --git a/src/components/procedure/_customize_pr_mr_comments.mdx b/src/components/procedure/_customize_pr_mr_comments.mdx
@@ -0,0 +1,14 @@
+You can customize the comments Semgrep leaves on your {props.comment_type}. Custom comments allow you to direct your teams to the resources they need to handle the vulnerabilities Semgrep identifies in their code.
+
+![A custom comment with instructions on how to obtain more information about a finding.](/img/custom-comment-example.png#md-width)
+_**Figure**. A custom comment with instructions on how to obtain more information about a finding._
+
+To provide custom {props.comment_type} comments:
+
+1. Sign in to [<i class="fas fa-external-link fa-xs"></i> Semgrep AppSec Platform](https://semgrep.dev/login?).
+1. Navigate to **Settings > General > Global**.
+1. Go to the **Custom PR/MR comments footers** section.
+    ![Custom comment configuration in Semgrep AppSec Platform](/img/custom-comments-configuration.png#md-width)
+_**Figure**. Custom comment configuration in Semgrep AppSec Platform._
+1. Provide a custom comment for each Semgrep product whose findings you want to generate a PR comment. Semgrep supports {props.link_type} links in your message.
+1. Click **Save changes**.
diff --git a/static/img/custom-comment-example.png b/static/img/custom-comment-example.png
diff --git a/static/img/custom-comments-configuration.png b/static/img/custom-comments-configuration.png
