Enable threat-detection feature on 3 misconfigured detector/report workflows#44831
Conversation
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
This comment has been minimized.
This comment has been minimized.
PR TriageCategory: feature (security) | Risk: high | Priority: high | Score: 68/100 (impact:38, urgency:22, quality:8) | Action: fast_track Closes a security gap — three detector/analysis workflows were running without gh-aw-detection, bypassing threat scanning on safe outputs. High urgency given security nature. Still a draft; CI not yet triggered. Recommend expedited review once CI passes.
|
|
Thanks for enabling threat-detection on the misconfigured workflows — this is an important security improvement! 🛡️ A couple of things that would help get this across the finish line:
If you'd like a hand, you can assign this prompt to your coding agent:
|
Detection analysis flagged three detector/analysis workflows running without
gh-aw-detection, which bypassed threat scanning on safe outputs. This PR enables detection on those workflows and updates compiled workflow artifacts accordingly.Scope
features.gh-aw-detection: trueto:.github/workflows/bot-detection.md.github/workflows/prompt-clustering-analysis.md.github/workflows/duplicate-code-detector.mdCompilation updates
bot-detection.lock.ymlprompt-clustering-analysis.lock.ymlduplicate-code-detector.lock.ymlFrontmatter change pattern