The GitHub Actions job "link-check" on 
airflow-steward.git/feat/import-from-scan has failed.
Run started by GitHub user potiuk (triggered by potiuk).

Head commit for run:
752812186bb52563fefce418bd40569ebe1514e2 / Jarek Potiuk <[email protected]>
feat(skills): add security-issue-import-from-scan (triage-first scanner import) 
+ scan-format adapter

Upstreams the ASVS-importer override from an adopter (airflow-s) as a
vendor-neutral framework skill. security-issue-import-from-scan converts a
security scanner's multi-finding output into security work only after a
complete, operator-reviewed triage: it reads a scan's finding index plus
per-finding evidence via a pluggable scan-format adapter (tools/scan-format/,
ASVS reference), triages each finding against the project's Security Model and
reject precedents (reusing security-issue-triage + security-issue-import),
buckets by disposition, publishes the report as a gist (and optionally a
report-back PR), and applies only the operator's confirmed per-entry decisions.

Triage-first/never-auto-import; PR-worth/defense-in-depth findings are proposed
per entry (open-PR-or-skip) and never become trackers; only CVE-worthy findings
create one. Multi-source (issues and/or folders), recursive folder discovery,
and a 1-by-1 default with mandatory evidence deep-read. Adds the scan-format
adapter contract, a Step-C disposition-bucketing eval suite, and registers both
in docs/labels-and-capabilities.md under capability:intake.

Generated-by: Claude Code (Claude Opus 4.8)

Report URL: https://github.com/apache/airflow-steward/actions/runs/27361753859

With regards,
GitHub Actions via GitBox


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to