The GitHub Actions job "link-check" on airflow-steward.git/feat/import-from-scan has succeeded. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 8037d9b8f7c4847866d1cb7069a4409e94c46e5e / Jarek Potiuk <[email protected]> feat(skills): add security-issue-import-from-scan (triage-first scanner import) + scan-format adapter Upstreams the ASVS-importer override from an adopter (airflow-s) as a vendor-neutral framework skill. security-issue-import-from-scan converts a security scanner's multi-finding output into security work only after a complete, operator-reviewed triage: it reads a scan's finding index plus per-finding evidence via a pluggable scan-format adapter (tools/scan-format/, ASVS reference), triages each finding against the project's Security Model and reject precedents (reusing security-issue-triage + security-issue-import), buckets by disposition, publishes the report as a gist (and optionally a report-back PR), and applies only the operator's confirmed per-entry decisions. Triage-first/never-auto-import; PR-worth/defense-in-depth findings are proposed per entry (open-PR-or-skip) and never become trackers; only CVE-worthy findings create one. Multi-source (issues and/or folders), recursive folder discovery, and a 1-by-1 default with mandatory evidence deep-read. Adds the scan-format adapter contract, a Step-C disposition-bucketing eval suite, and registers both in docs/labels-and-capabilities.md under capability:intake. Generated-by: Claude Code (Claude Opus 4.8) Report URL: https://github.com/apache/airflow-steward/actions/runs/27362047677 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
