Skip to content

Add security-advisory-publish workflow caller#60

Merged
negillett merged 2 commits into
mainfrom
security-advisory-publish
May 23, 2026
Merged

Add security-advisory-publish workflow caller#60
negillett merged 2 commits into
mainfrom
security-advisory-publish

Conversation

@negillett
Copy link
Copy Markdown
Member

@negillett negillett commented May 23, 2026

Summary

  • Add workflow_dispatch caller for OSV mirror verification after GHSA publish.

Test plan

  • Agent precommit checkpoint

Depends on

  • intentproof-infra #20

Add security-advisory-publish workflow caller
642e734 
Wire workflow_dispatch OSV mirror verification to the
shared intentproof-infra reusable workflow.

Signed-off-by: Nathan Gillett <nathan@intentproof.io>
@cursor
Copy link
Copy Markdown

cursor Bot commented May 23, 2026
edited
Loading

PR Summary

Low Risk
Adds a manually-triggered GitHub Actions workflow that calls a pinned reusable workflow in intentproof-infra; risk is low but depends on the external workflow behavior and inherited secrets.

Overview
Adds a new security-advisory-publish GitHub Actions workflow that can be run via workflow_dispatch with ghsa_id (required) and optional cve_id.

The job delegates to a pinned reusable workflow in IntentProof/intentproof-infra to verify OSV mirroring, using read-only contents/security-events permissions and secrets: inherit.

Reviewed by Cursor Bugbot for commit 4acdb51. Bugbot is set up for automated code reviews on this repo. Configure here.

cursor[bot]
cursor Bot reviewed May 23, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 642e734. Configure here.

Comment thread .github/workflows/security-advisory-publish.yml Outdated
Pin advisory workflow to full infra merge SHA
4acdb51 
Use 40-character ref for intentproof-infra reusable
workflow after merge of PR #20.

Signed-off-by: Nathan Gillett <nathan@intentproof.io>
@negillett negillett merged commit 0423fbe into main May 23, 2026
10 checks passed
@negillett negillett deleted the security-advisory-publish branch May 23, 2026 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@negillett