
Compliance audit — 2026-04-09 #122

@don-petry

Compliance Audit — 2026-04-09

This umbrella issue tracks all findings from the automated compliance audit run on 2026-04-09.
Findings are grouped by remediation category. Address each category together to avoid duplicate agent PRs.

Total findings: 99 across 7 repositories


Remediation Work Breakdown

Repository Settings (21 finding(s))

Remediation: apply-repo-settings.sh
Affected repos: .github, ContentTwin, TalkTerm, bmad-bgreat-suite, broodly, google-app-scripts, markets

Repo Check Severity
.github allow_auto_merge warning
.github delete_branch_on_merge warning
.github has_wiki warning
markets allow_auto_merge warning
markets delete_branch_on_merge warning
markets has_wiki warning
google-app-scripts allow_auto_merge warning
google-app-scripts delete_branch_on_merge warning
google-app-scripts has_wiki warning
ContentTwin allow_auto_merge warning
ContentTwin delete_branch_on_merge warning
ContentTwin has_wiki warning
broodly allow_auto_merge warning
broodly delete_branch_on_merge warning
broodly has_wiki warning
bmad-bgreat-suite allow_auto_merge warning
bmad-bgreat-suite delete_branch_on_merge warning
bmad-bgreat-suite has_wiki warning
TalkTerm allow_auto_merge warning
TalkTerm delete_branch_on_merge warning
TalkTerm has_wiki warning

Repository Rulesets (3 finding(s))

Remediation: apply-rulesets.sh
Affected repos: ContentTwin, TalkTerm, broodly

Repo Check Severity
ContentTwin missing-code-quality error
broodly missing-code-quality error
TalkTerm required-claude-check-broken error

Workflows (18 finding(s))

Remediation: per-repo workflow additions
Affected repos: .github, ContentTwin, TalkTerm, bmad-bgreat-suite, broodly, google-app-scripts, markets

Repo Check Severity
.github codeql-default-setup-not-configured error
.github missing-permissions-claude-code-reusable.yml warning
.github missing-permissions-dependabot-automerge-reusable.yml warning
.github missing-permissions-dependabot-rebase-reusable.yml warning
.github missing-permissions-feature-ideation-reusable.yml warning
markets codeql-default-setup-not-configured error
markets stray-codeql-workflow error
google-app-scripts codeql-default-setup-not-configured error
google-app-scripts stray-codeql-workflow error
ContentTwin codeql-default-setup-not-configured error
ContentTwin stray-codeql-workflow error
broodly codeql-default-setup-not-configured error
broodly stray-codeql-workflow error
bmad-bgreat-suite codeql-default-setup-not-configured error
bmad-bgreat-suite stray-codeql-workflow error
TalkTerm missing-ci.yml error
TalkTerm codeql-default-setup-not-configured error
TalkTerm stray-codeql-workflow error
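The four `missing-permissions-*` findings above all point at reusable workflows with no `permissions:` key. The fix is a declared, least-privilege token. The fragment below is an added example for this issue, not a file from the `.github` repository; the workflow name, job name, and the `gh pr merge` step are illustrative assumptions about what an auto-merge workflow does.

```yaml
# Added example, not taken from the .github repository.
# Without a `permissions:` key, GITHUB_TOKEN gets whatever the repository or
# organisation "Workflow permissions" setting grants, which can be read/write
# on every scope. Declaring it at workflow level sets a read-only floor; a job
# that genuinely needs more raises it for itself only.
name: dependabot-automerge-reusable

on:
  workflow_call:

permissions:
  contents: read            # workflow-wide floor for every job

jobs:
  automerge:
    runs-on: ubuntu-latest
    permissions:
      contents: write       # only this job may merge
      pull-requests: write
    steps:
      # Assumed step: auto-merge the calling PR once its checks pass.
      - run: gh pr merge --auto --squash "$PR_URL"
        env:
          GH_TOKEN: ${{ github.token }}
          PR_URL: ${{ github.event.pull_request.html_url }}
```

For a reusable workflow the caller's `permissions` are a ceiling: the called jobs can lower them but not raise them, so the caller in each consuming repo needs `pull-requests: write` and `contents: write` too, or the merge step fails with a 403 rather than silently getting more than it asked for.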

Action SHA Pinning (36 finding(s))

Remediation: pin actions to SHA in each workflow file
Affected repos: .github, ContentTwin, TalkTerm, bmad-bgreat-suite, broodly, google-app-scripts, markets

Repo Check Severity
.github unpinned-actions-agent-shield.yml error
.github unpinned-actions-claude.yml error
.github unpinned-actions-dependency-audit.yml error
markets unpinned-actions-agent-shield.yml error
markets unpinned-actions-claude.yml error
markets unpinned-actions-dependabot-automerge.yml error
markets unpinned-actions-dependabot-rebase.yml error
markets unpinned-actions-dependency-audit.yml error
markets unpinned-actions-feature-ideation.yml error
google-app-scripts unpinned-actions-agent-shield.yml error
google-app-scripts unpinned-actions-claude.yml error
google-app-scripts unpinned-actions-dependabot-automerge.yml error
google-app-scripts unpinned-actions-dependabot-rebase.yml error
google-app-scripts unpinned-actions-dependency-audit.yml error
google-app-scripts unpinned-actions-feature-ideation.yml error
ContentTwin unpinned-actions-agent-shield.yml error
ContentTwin unpinned-actions-claude.yml error
ContentTwin unpinned-actions-dependabot-automerge.yml error
ContentTwin unpinned-actions-dependabot-rebase.yml error
ContentTwin unpinned-actions-dependency-audit.yml error
broodly unpinned-actions-agent-shield.yml error
broodly unpinned-actions-claude.yml error
broodly unpinned-actions-dependabot-automerge.yml error
broodly unpinned-actions-dependabot-rebase.yml error
broodly unpinned-actions-dependency-audit.yml error
broodly unpinned-actions-feature-ideation.yml error
bmad-bgreat-suite unpinned-actions-agent-shield.yml error
bmad-bgreat-suite unpinned-actions-claude.yml error
bmad-bgreat-suite unpinned-actions-dependabot-automerge.yml error
bmad-bgreat-suite unpinned-actions-dependency-audit.yml error
TalkTerm unpinned-actions-agent-shield.yml error
TalkTerm unpinned-actions-claude.yml error
TalkTerm unpinned-actions-dependabot-automerge.yml error
TalkTerm unpinned-actions-dependabot-rebase.yml error
TalkTerm unpinned-actions-dependency-audit.yml error
TalkTerm unpinned-actions-feature-ideation.yml error
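The 36 `unpinned-actions-*` findings and the `missing-permissions-*` findings in the Workflows section are the two checks a workflow linter has to make: every remote `uses:` target should end in a full 40-hex commit SHA (a tag such as `v4` can be moved to different code later; a commit SHA cannot), and the file should declare `permissions:`. The script below is an added example, not the audit's own tooling; it is line-based so it runs with the standard library only, and the sample workflow, the resolved SHA map, and the SHA values in it are constructed placeholders.

```python
import re

# Added example, not part of the audit tooling. A line-based linter for two of the
# findings the audit reports: `uses:` targets not pinned to a full commit SHA, and
# workflow files with no `permissions:` key at all. No YAML parser is needed.

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
PERMISSIONS_RE = re.compile(r"^\s*permissions:")


def is_pinned(ref: str) -> bool:
    """True when a `uses:` target is immutable: a full commit SHA after the `@`.
    Local actions (`./path`) and `docker://` images are outside the scope of
    SHA-pinning GitHub-hosted actions, so they are not reported."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return True
    if "@" not in ref:
        return False  # no ref at all; GitHub rejects this, but it is certainly not pinned
    version = ref.rsplit("@", 1)[1]
    return bool(SHA_RE.match(version))


def lint_workflow(text: str) -> dict:
    """Return {"unpinned": [(line_no, ref), ...], "has_permissions": bool} for one file."""
    unpinned = []
    has_permissions = False
    for line_no, line in enumerate(text.splitlines(), 1):
        if PERMISSIONS_RE.match(line):
            has_permissions = True
        m = USES_RE.match(line)
        if m and not is_pinned(m.group(1)):
            unpinned.append((line_no, m.group(1)))
    return {"unpinned": unpinned, "has_permissions": has_permissions}


def pin_workflow(text: str, resolved: dict) -> str:
    """Rewrite unpinned `uses:` lines using `resolved`, a {ref: commit_sha} map the
    caller filled out of band (for example from `git ls-remote --tags <url>`). The
    original tag is kept as a trailing comment so reviewers and Dependabot can still
    see which release the SHA corresponds to."""
    out = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if m and not is_pinned(m.group(1)) and m.group(1) in resolved:
            ref = m.group(1)
            action, _, tag = ref.partition("@")
            sha = resolved[ref].lower()
            if not SHA_RE.match(sha):
                raise ValueError(f"resolved value for {ref} is not a 40-hex commit SHA: {sha}")
            rest = line[m.end():]
            comment = "" if "#" in rest else (f"  # {tag}" if tag else "")
            line = line.replace(ref, f"{action}@{sha}{comment}", 1)
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else "")


# Constructed sample workflow: one pinned step, two unpinned ones, one local action,
# and no permissions block. The SHA on the setup-node line is a placeholder.
SAMPLE_WORKFLOW = """\
name: dependency-audit
on: [pull_request]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # v4.0.0
      - uses: ./.github/actions/local-audit
      - uses: github/codeql-action/init@main
"""

# Placeholder SHA for the example; a real run resolves it from the action's repository.
RESOLVED = {"actions/checkout@v4": "abcdef0123456789abcdef0123456789abcdef01"}


if __name__ == "__main__":
    report = lint_workflow(SAMPLE_WORKFLOW)
    for line_no, ref in report["unpinned"]:
        print(f"line {line_no}: unpinned action {ref}")
    if not report["has_permissions"]:
        print("no permissions: block; GITHUB_TOKEN falls back to the repository default")
    print(pin_workflow(SAMPLE_WORKFLOW, RESOLVED))
```

When filling the `resolved` map, take the peeled commit: `git ls-remote --tags https://github.com/OWNER/REPO v4` lists both `refs/tags/v4` and, for an annotated tag, `refs/tags/v4^{}`; the `^{}` entry is the commit the workflow must pin to, and the unpeeled entry is the tag object, which GitHub will not accept as a `uses:` ref. The same caveat applies to `gh api repos/OWNER/REPO/git/ref/tags/v4`, whose `object.sha` is the tag object for annotated tags.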

Dependabot Configuration (3 finding(s))

Remediation: per-repo .github/dependabot.yml
Affected repos: google-app-scripts

Repo Check Severity
google-app-scripts missing-github-actions-ecosystem error
google-app-scripts missing-security-label warning
google-app-scripts missing-dependencies-label warning
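The three Dependabot findings for google-app-scripts name exactly what the file needs: a `github-actions` ecosystem entry and the `security` and `dependencies` labels. The fragment below is an added example, not the repository's own `.github/dependabot.yml`; the label names are read off the check names, and the directory and interval are assumptions.

```yaml
# Added example, not the repository's own file. The audit names the ecosystem and
# the two labels; `directory` and `interval` are assumed values.
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"            # Dependabot locates .github/workflows from the repo root
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "security"
```

The `github-actions` ecosystem is also what keeps the SHA-pinning remediation from freezing the repos: Dependabot raises update PRs for actions pinned by commit SHA as well as by tag and rewrites the trailing version comment, so pinned workflows keep moving forward through reviewed PRs instead of through silently retargeted tags.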

CLAUDE.md / AGENTS.md References (2 finding(s))

Remediation: per-repo doc updates
Affected repos: ContentTwin, markets

Repo Check Severity
markets agents-md-missing-org-ref error
ContentTwin agents-md-missing-org-ref error

Generated by the weekly compliance audit on 2026-04-09 17:16 UTC.
Address each remediation category as a single coordinated PR to avoid duplicate agent work.

Labels: claude (For Claude agent pickup), compliance-audit (Automated compliance audit finding)