From 0a1d722abc870c743ad5cadf0db7846caf2bdd2e Mon Sep 17 00:00:00 2001
From: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Date: Tue, 17 Sep 2024 14:50:47 +0200
Subject: [PATCH] docs: Add PREVIEW label on PR comment options

---
 README.md                          | 36 ++++++++++++++++++++----------
 doc-resources/env-do-pr-comment.md |  6 +++--
 fod-sast-scan/README.md            |  6 +++--
 sc-sast-scan/README.md             |  6 +++--
 ssc-debricked-scan/README.md       |  6 +++--
 5 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/README.md b/README.md
index fcc495f..de8277d 100644
--- a/README.md
+++ b/README.md
@@ -195,17 +195,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
@@ -348,17 +350,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
@@ -458,17 +462,19 @@ If `DO_JOB_SUMMARY` is set to `true` (implied if any of the other two `JOB_SUMMA
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
@@ -898,17 +904,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
@@ -1207,17 +1215,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
@@ -1383,17 +1393,19 @@ If `DO_JOB_SUMMARY` is set to `true` (implied if any of the other two `JOB_SUMMA
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
diff --git a/doc-resources/env-do-pr-comment.md b/doc-resources/env-do-pr-comment.md
index 01d6c92..84f6fa3 100644
--- a/doc-resources/env-do-pr-comment.md
+++ b/doc-resources/env-do-pr-comment.md
@@ -1,10 +1,12 @@
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`]({{var:fcli-doc-base-url}}fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`]({{var:fcli-doc-base-url}}ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
+
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
diff --git a/fod-sast-scan/README.md b/fod-sast-scan/README.md
index 5b38dc2..ee1ea67 100644
--- a/fod-sast-scan/README.md
+++ b/fod-sast-scan/README.md
@@ -150,17 +150,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
diff --git a/sc-sast-scan/README.md b/sc-sast-scan/README.md
index e66dc9b..7ab1cb2 100644
--- a/sc-sast-scan/README.md
+++ b/sc-sast-scan/README.md
@@ -165,17 +165,19 @@ Note that this may require a [GitHub Advanced Security](https://docs.github.com/
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->
 
 
diff --git a/ssc-debricked-scan/README.md b/ssc-debricked-scan/README.md
index ca9786f..9efbf0e 100644
--- a/ssc-debricked-scan/README.md
+++ b/ssc-debricked-scan/README.md
@@ -122,17 +122,19 @@ If `DO_JOB_SUMMARY` is set to `true` (implied if any of the other two `JOB_SUMMA
 
 <!-- START-INCLUDE:env-do-pr-comment.md -->
 
-**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL    
+**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL *(PREVIEW)*    
 If `DO_PR_COMMENT` is set to `true` (implied if any of the other two `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided [FoD `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_pr_comment) or [SSC `github-pr-comment`](https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_pr_comment) action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used.
 
 Note that pull request comments will only be generated under the following conditions:
 
 * `GITHUB_TOKEN` environment variable needs to be set to a valid GitHub token, for example from `{{ secrets.GITHUB_TOKEN }}`.
-* Standard `GITHUB_REF_NAME` environment variable points to a pull request.
+* Standard `GITHUB_REF_NAME` environment variable points to a pull request, which is only the case on GitHub `pull_request` triggers and not for example `manual` triggers.
 * All other standard GitHub environment variables like `GITHUB_REPOSITORY` and `GITHUB_SHA` are set.
 
 PR comments are generated by comparing scan results from the current GitHub Action run against the previous scan in the same application version/release; it won't detect any new/removed issues from older scans. For best results, you should configure the GitHub Action to run only on pull request creation (not on every commit) and optionally allow for manual runs (if you want to re-run the scan after a PR is updated). You should also configure the action to automatically create a dedicated application version/release for the current branch/PR, copying state from the main/parent branch version/release. This will allow the action to compare scan results for the current GitHub Action run against the last scan results of the main/parent branch.
 
+Given that there are many scenarios where PR comments may list incorrect data, for example when above requirements are not met, this functionality is currently considered PREVIEW functionality. Based on customer feedback, internal research and potential SSC/FoD improvements, we may be able to either improve the current implementation, or potentially decide to remove this functionality if it doesn't work reliably.
+
 <!-- END-INCLUDE:env-do-pr-comment.md -->