Skip to content

docs: cite org-security and tag-validation references#73

Merged
CybotTM merged 2 commits intomainfrom
docs/cite-org-and-workflow-refs
May 6, 2026
Merged

docs: cite org-security and tag-validation references#73
CybotTM merged 2 commits intomainfrom
docs/cite-org-and-workflow-refs

Conversation

@CybotTM
Copy link
Copy Markdown
Member

@CybotTM CybotTM commented May 6, 2026

Summary

Adds two previously orphaned reference files to the References table: org-security-settings.md (SHA pinning) and tag-validation.md (defense-in-depth). The reusable-workflow-security reference is already cited upstream.

Test plan

  • Verify reference files exist and are reachable from SKILL.md

Copilot AI review requested due to automatic review settings May 6, 2026 10:49
@CybotTM CybotTM enabled auto-merge May 6, 2026 10:49
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@CybotTM
docs: cite org-security-settings and tag-validation references
72a920e 
Adds two previously orphaned reference files to the References table:
org-security-settings.md (SHA pinning) and tag-validation.md
(defense-in-depth). The reusable-workflow-security reference is
already cited upstream.

Signed-off-by: Sebastian Mendel <github@sebastianmendel.de>
@CybotTM CybotTM force-pushed the docs/cite-org-and-workflow-refs branch from 21e79d6 to 72a920e Compare May 6, 2026 10:51
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the SKILL.md file by adding two new entries to the references table: one for organization-level security settings regarding SHA pinning and another for tag validation as a defense-in-depth measure. I have no feedback to provide as there were no review comments.

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented May 6, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub Project skill documentation to include two existing but previously uncited reference documents in the SKILL.md “References” table, improving discoverability of security guidance.

Changes:

  • Add a reference entry for references/org-security-settings.md (org-level security / SHA pinning).
  • Add a reference entry for references/tag-validation.md (tag validation / defense-in-depth).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@CybotTM
chore: trim SKILL.md to fit 500-word cap
11d8b86 
Signed-off-by: Sebastian Mendel <github@sebastianmendel.de>
@CybotTM CybotTM force-pushed the docs/cite-org-and-workflow-refs branch from 41e07f8 to 11d8b86 Compare May 6, 2026 11:17
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 6, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@CybotTM CybotTM merged commit b9d99ef into main May 6, 2026
16 checks passed
@CybotTM CybotTM deleted the docs/cite-org-and-workflow-refs branch May 6, 2026 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CybotTM @github-advanced-security