Skip to content

Enable threat-detection feature on 3 misconfigured detector/report workflows#44831

Closed
pelikhan with Copilot wants to merge 2 commits into
mainfrom
copilot/deep-report-add-gh-aw-detection
Closed

Enable threat-detection feature on 3 misconfigured detector/report workflows#44831
pelikhan with Copilot wants to merge 2 commits into
mainfrom
copilot/deep-report-add-gh-aw-detection

Conversation

Copilot AI commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Detection analysis flagged three detector/analysis workflows running without gh-aw-detection, which bypassed threat scanning on safe outputs. This PR enables detection on those workflows and updates compiled workflow artifacts accordingly.

  • Scope

    • Added features.gh-aw-detection: true to:
      • .github/workflows/bot-detection.md
      • .github/workflows/prompt-clustering-analysis.md
      • .github/workflows/duplicate-code-detector.md
  • Compilation updates

    • Recompiled workflow markdown so generated lockfiles reflect the feature flag changes:
      • bot-detection.lock.yml
      • prompt-clustering-analysis.lock.yml
      • duplicate-code-detector.lock.yml
  • Frontmatter change pattern

    features:
      gh-aw-detection: true

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title [WIP] Add gh-aw-detection: true to misconfigured workflows Enable threat-detection feature on 3 misconfigured detector/report workflows Jul 10, 2026
Copilot AI requested a review from pelikhan July 10, 2026 20:27
@github-actions

This comment has been minimized.

@github-actions

Copy link
Copy Markdown
Contributor

PR Triage

Category: feature (security) | Risk: high | Priority: high | Score: 68/100 (impact:38, urgency:22, quality:8) | Action: fast_track

Closes a security gap — three detector/analysis workflows were running without gh-aw-detection, bypassing threat scanning on safe outputs. High urgency given security nature. Still a draft; CI not yet triggered. Recommend expedited review once CI passes.

Generated by 🔧 PR Triage Agent · 31.2 AIC · ⌖ 8.39 AIC · ⊞ 5.4K ·

@github-actions

Copy link
Copy Markdown
Contributor

Thanks for enabling threat-detection on the misconfigured workflows — this is an important security improvement! 🛡️

A couple of things that would help get this across the finish line:

  • Add tests — the detection feature flag changes in .github/workflows/bot-detection.md, prompt-clustering-analysis.md, and duplicate-code-detector.md don't have associated test coverage. Even a smoke test validating the feature flag is recognized would strengthen this.

If you'd like a hand, you can assign this prompt to your coding agent:

Add test coverage for the gh-aw-detection feature flag changes in:
- .github/workflows/bot-detection.md
- .github/workflows/prompt-clustering-analysis.md
- .github/workflows/duplicate-code-detector.md

Verify the feature flag is correctly parsed and that compiled lock files reflect the detection configuration.

Generated by ✅ Contribution Check · 141.9 AIC · ⌖ 14.9 AIC · ⊞ 6.2K ·

@pelikhan pelikhan closed this Jul 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[deep-report] Add gh-aw-detection: true to 3 misconfigured detection workflows

2 participants