ci: add centralized vuln remediation workflow#106
Co-authored-by: Cursor <cursoragent@cursor.com>
Firetiger deploy monitoring skipped. This PR didn't match the auto-monitor filter configured on your GitHub connection.
Reason: PR only adds a CI workflow caller and does not modify API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal). To monitor this PR anyway, reply with
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit cfcca41. Configure here.

Thin caller to the reusable 3-stage pipeline (triage → fix → PR) in kernel/security-workflows.
Made with Cursor
Note
Low Risk
Adds a scheduled/dispatchable GitHub Actions workflow that can open PRs and update repo contents, so misconfiguration could create noisy or unintended automated changes.
Overview
Introduces a new GitHub Actions workflow, vuln-remediation.yml, that runs weekly (and on manual trigger) and delegates to the reusable kernel/security-workflows vulnerability remediation pipeline with write access to contents and pull requests.
Adds socket.yml with version: 2 to enable/initialize Socket's configuration for this repository.
Reviewed by Cursor Bugbot for commit 48c75c6. Bugbot is set up for automated code reviews on this repo. Configure here.
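The description and the review summary above call the new file a thin caller to a reusable triage → fix → PR pipeline in kernel/security-workflows, scheduled weekly and dispatchable, with write access to contents and pull requests. The following is an added illustration of what a least-privilege caller of that shape looks like; it is not the PR's actual vuln-remediation.yml, and the cron schedule, the reusable workflow's file path, its inputs and the commit SHA placeholder are all assumptions:

```yaml
# Illustrative caller workflow (assumed shape; not the file from PR #106).
name: Vulnerability remediation

on:
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC (assumed schedule)
  workflow_dispatch:       # allow an on-demand run from the Actions tab

# Start from zero permissions at the workflow level; grant only at the job
# that actually needs to write, so any job added later inherits nothing.
permissions: {}

# One remediation run at a time, so a manual dispatch that overlaps the
# weekly run cannot open duplicate fix PRs.
concurrency:
  group: vuln-remediation
  cancel-in-progress: false

jobs:
  remediate:
    # The reusable workflow's path is an assumption. Pin the ref to a full
    # commit SHA (or a tag your org controls), not a branch: this job runs
    # with write access, so a mutable ref in the shared repo would let a
    # change there silently alter what is executed here.
    uses: kernel/security-workflows/.github/workflows/vuln-remediation.yml@0000000000000000000000000000000000000000  # placeholder SHA
    permissions:
      contents: write        # push the fix branch
      pull-requests: write   # open the remediation PR
    secrets: inherit         # pass org/repo secrets the pipeline needs
```

Two practitioner caveats that follow from the "Low Risk" note above: GitHub only lets the called workflow use permissions equal to or narrower than those the caller grants, so the job-level block here is the ceiling for everything the shared pipeline does; and pull requests opened with the default GITHUB_TOKEN do not trigger other `pull_request` workflows, so if the auto-generated fix PRs must run the repo's own CI, the pipeline has to author them with a GitHub App token or a PAT instead.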