# Automate Issue Creation for Low and Medium Severity Security Findings

This issue tracks the implementation of automated GitHub Issue creation for security vulnerabilities classified as low or medium severity across the supported security tools in the LedgerBase CI pipeline.

## Objective

Extend the LedgerBase security workflows to:

- Fail PRs only on high and critical findings
- Automatically open GitHub Issues for low and medium severity items
- Ensure vulnerabilities are logged, tracked, and triaged even if they do not block merges

## Implementation Plan

1. Enhance Security Summary Parsing
   - Update `status-summary` or a dedicated post-processing job to:
     - Parse `*.sarif`, `*.json`, and `*_output.txt` files
     - Extract the severity of each finding (`LOW`, `MEDIUM`, etc.)
2. Automate GitHub Issue Creation
   - Use `actions/github-script` or the GitHub REST API to:
     - Open an issue titled `[SECURITY] Medium severity issue in <filename> from <tool>` for each finding
     - Apply the labels `security`, `triage`, and `severity:medium` or `severity:low`
3. Improve Resilience and Filtering
   - Track findings that have already been filed in a `metadata/issues-seen.json` artifact or similar, so the same finding is not reported on every run
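As an added example (not part of this issue and not LedgerBase's own workflow code), the three plan steps above in one Python post-processing script: parse a SARIF log and Bandit JSON output, bucket findings into "fail the PR" versus "open a tracking issue", build the issue title and labels from the template proposed here, and de-duplicate against a persisted seen-list. It assumes a mapping from SARIF `level` values to the `LOW`/`MEDIUM`/`HIGH` vocabulary, Bandit's `-f json` layout, and that the set of fingerprints is what gets stored in `metadata/issues-seen.json`; both scan outputs are constructed samples. Actually creating the issue (via `actions/github-script` or the REST API) is left to the workflow step; the script only produces the payloads.

```python
# Added example, not LedgerBase code: turn tool output into "block the PR"
# vs. "open a tracking issue" decisions, de-duplicated across runs.
import hashlib
import json
from dataclasses import dataclass

BLOCKING = {"HIGH", "CRITICAL"}  # fail the PR
TRACKED = {"LOW", "MEDIUM"}      # file an issue but do not block the merge
# Assumption: SARIF result levels map onto the severity vocabulary used here.
SARIF_LEVEL_TO_SEVERITY = {"error": "HIGH", "warning": "MEDIUM", "note": "LOW"}


@dataclass(frozen=True)
class Finding:
    tool: str
    rule: str
    severity: str
    path: str
    message: str

    def fingerprint(self) -> str:
        # Stable id for de-duplication; the message is left out so reworded
        # tool output does not re-open an already-filed issue.
        key = f"{self.tool}|{self.rule}|{self.path}|{self.severity}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]


def parse_sarif(text: str) -> list:
    """Parse a SARIF 2.1.0 log (e.g. trivy-results.sarif); severity from result.level."""
    findings = []
    for run in json.loads(text).get("runs", []):
        tool = run.get("tool", {}).get("driver", {}).get("name", "unknown")
        for res in run.get("results", []):
            locs = res.get("locations") or [{}]
            path = (locs[0].get("physicalLocation", {})
                    .get("artifactLocation", {}).get("uri", "<unknown>"))
            sev = SARIF_LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "MEDIUM")
            msg = res.get("message", {}).get("text", "")
            findings.append(Finding(tool, res.get("ruleId", "?"), sev, path, msg))
    return findings


def parse_bandit(text: str) -> list:
    """Parse `bandit -f json` output; issue_severity is already LOW/MEDIUM/HIGH."""
    return [Finding("bandit", r["test_id"], r["issue_severity"].upper(),
                    r["filename"], r["issue_text"])
            for r in json.loads(text).get("results", [])]


def triage(findings):
    """Split findings into those that fail the PR and those to track as issues."""
    blocking = [f for f in findings if f.severity in BLOCKING]
    tracked = [f for f in findings if f.severity in TRACKED]
    return blocking, tracked


def issue_payload(f: Finding) -> dict:
    # Title and labels follow the template proposed in the plan above.
    return {
        "title": f"[SECURITY] {f.severity.capitalize()} severity issue "
                 f"in {f.path} from {f.tool}",
        "labels": ["security", "triage", f"severity:{f.severity.lower()}"],
        "body": f"Rule `{f.rule}`: {f.message}\n\nFingerprint: `{f.fingerprint()}`",
    }


def issues_to_open(tracked, seen: set) -> list:
    """Payloads for findings not yet in `seen` (updated in place; persist it as
    metadata/issues-seen.json between runs so filed findings are skipped)."""
    payloads = []
    for f in tracked:
        if f.fingerprint() not in seen:
            seen.add(f.fingerprint())
            payloads.append(issue_payload(f))
    return payloads


# Constructed sample outputs (not real scan results).
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "Trivy"}},
    "results": [
        {"ruleId": "TRIVY-RULE-A", "level": "error", "message": {"text": "vulnerable pin"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "requirements.txt"}}}]},
        {"ruleId": "TRIVY-RULE-B", "level": "note", "message": {"text": "runs as root"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}}}]},
    ]}]})
SAMPLE_BANDIT = json.dumps({"results": [
    {"filename": "src/app.py", "test_id": "B105", "issue_severity": "MEDIUM",
     "issue_text": "Possible hardcoded password"},
    {"filename": "src/db.py", "test_id": "B608", "issue_severity": "HIGH",
     "issue_text": "Possible SQL injection vector"},
]})


def run_pipeline(seen=None) -> dict:
    """One CI run over the samples: parse, triage, and list issues to open."""
    seen = set() if seen is None else seen
    blocking, tracked = triage(parse_sarif(SAMPLE_SARIF) + parse_bandit(SAMPLE_BANDIT))
    return {"fail_pr": bool(blocking), "blocking": blocking,
            "issues": issues_to_open(tracked, seen), "seen": seen}
```

Calling `run_pipeline()` on the samples fails the PR (one SARIF `error` and one Bandit `HIGH`) and yields two issue payloads for the `LOW` and `MEDIUM` findings; calling it again with the returned `seen` set yields none, which is the behaviour the `issues-seen.json` artifact is meant to give across workflow runs. The fingerprint deliberately ignores the finding's message text so that a tool rewording its output does not defeat de-duplication.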
## Targeted Security Tools

- Bandit (`bandit_output.txt`)
- Safety (`safety_output.txt`)
- Audit results (`audit_results.txt`)
- Semgrep (`semgrep-results.json`)
- Trivy (`trivy-results.sarif`)
- Snyk (`snyk-results.json`)

## Deliverables

- Updated `security.yml` workflow

## Future Considerations

- Auto-assign based on CODEOWNERS or file paths
- Add SLA labels like `due:90d` or `needs-review`
- Notify via Slack or email when issues are filed

## Related