Skip to content

Add security-advisory-publish workflow caller#79

Merged
negillett merged 2 commits into
mainfrom
security-advisory-publish
May 23, 2026
Merged

Add security-advisory-publish workflow caller#79
negillett merged 2 commits into
mainfrom
security-advisory-publish

Conversation

@negillett
Copy link
Copy Markdown
Member

@negillett negillett commented May 23, 2026

Summary

  • Add workflow_dispatch caller for OSV mirror verification after GHSA publish.

Test plan

  • Agent precommit checkpoint

Depends on

  • intentproof-infra #20

Add security-advisory-publish workflow caller
2a650e0 
Wire workflow_dispatch OSV mirror verification to the
shared intentproof-infra reusable workflow.

Signed-off-by: Nathan Gillett <nathan@intentproof.io>
@cursor
Copy link
Copy Markdown

cursor Bot commented May 23, 2026
edited
Loading

PR Summary

Low Risk
Adds a manually triggered GitHub Actions workflow that delegates to a pinned reusable workflow; low code risk but relies on an external workflow definition/behavior.

Overview
Adds a new manually triggered workflow, security-advisory-publish, that accepts ghsa_id (required) and optional cve_id inputs.

The workflow runs a pinned reusable workflow from IntentProof/intentproof-infra to verify OSV mirroring and inherits repository secrets, with read-only contents and security-events permissions.

Reviewed by Cursor Bugbot for commit feae4f1. Bugbot is set up for automated code reviews on this repo. Configure here.

cursor[bot]
cursor Bot reviewed May 23, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 2a650e0. Configure here.

Comment thread .github/workflows/security-advisory-publish.yml
Pin advisory workflow to full infra merge SHA
feae4f1 
Use 40-character ref for intentproof-infra reusable
workflow after merge of PR #20.

Signed-off-by: Nathan Gillett <nathan@intentproof.io>
@negillett negillett merged commit d6755ba into main May 23, 2026
10 checks passed
@negillett negillett deleted the security-advisory-publish branch May 23, 2026 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@negillett