Skip to content
GitHub Agentic Workflows

Meet the Workflows: Security-related

Don Syme
Don Syme
 Peli de Halleux
Peli de Halleux
 Mara Kiefer
Mara Kiefer
Peli de Halleux

Splendid! How great to have you back at Peli’s Agent Factory! Now, let me show you the guardian chamber - where the watchful protectors stand vigil!

In our previous post, we explored operations and release workflows that handle the critical process of shipping software - building, testing, generating release notes, and publishing. These workflows need to be rock-solid reliable because they represent the moment when our work reaches users.

But reliability alone isn’t enough - we also need security. When AI agents can access APIs, modify code, and interact with external services, security becomes paramount. How do we ensure agents only access authorized resources? How do we track vulnerabilities and enforce compliance deadlines? How do we prevent credential exposure? That’s where security and compliance workflows become our essential guardrails - the watchful guardians that let us sleep soundly at night.

Section titled “Security-related Workflows”

These agents are our security guards, keeping watch and enforcing the rules:

  • Security Compliance - Runs vulnerability campaigns with deadline tracking
  • Firewall - Tests network security and validates rules - 59 daily firewall report discussions, 5 smoke test issues
  • Daily Secrets Analysis - Scans for exposed credentials (yes, it happens)
  • Daily Malicious Code Scan - Reviews recent code changes for suspicious patterns
  • Static Analysis Report - Daily security scans using zizmor, poutine, and actionlint - 57 analysis discussions plus 12 Zizmor security reports

Security Compliance manages vulnerability remediation campaigns with deadline tracking, ensuring security issues are addressed within defined SLAs - perfect for those “audit in 3 weeks” panic moments.

The Firewall workflow has created 59 daily firewall report discussions and 5 smoke test issues, validating that our agents can’t access unauthorized resources - for example, #6943 with the daily firewall analysis. It’s the bouncer that enforces network rules.

Daily Secrets Analysis scans for exposed credentials in commits and discussions, providing an automated security net against accidental secret exposure - catching those “oops, I committed my API key” moments before they become incidents.

Daily Malicious Code Scan reviews recent code changes for suspicious patterns, adding an automated defense layer against supply chain attacks.

Static Analysis Report has created 57 analysis discussions plus 12 Zizmor security reports, running comprehensive daily security audits using industry-standard tools - for example, #6973 with the latest static analysis findings and #3033 with a Zizmor security analysis. This shows how traditional security tools can be integrated into an AI agent workflow.

Using These Workflows

Section titled “Using These Workflows”

You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:

Security Compliance:

Terminal window
gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/security-compliance.md

Firewall:

Terminal window
gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/firewall.md

Daily Secrets Analysis:

Terminal window
gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-secrets-analysis.md

Daily Malicious Code Scan:

Terminal window
gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/daily-malicious-code-scan.md

Static Analysis Report:

Terminal window
gh aw add-wizard https://github.com/github/gh-aw/blob/v0.45.5/.github/workflows/static-analysis-report.md

Then edit and remix the workflow specifications to meet your needs, regenerate the lock file using gh aw compile, and push to your repository. See our Quick Start for further installation and setup instructions.

You can also create your own workflows.

Learn More

Section titled “Learn More”

Next Up: Teamwork & Culture Workflows

Section titled “Next Up: Teamwork & Culture Workflows”

After all this serious talk, let’s explore the fun side: agents that bring joy and build team culture.

Continue reading: Teamwork & Culture Workflows →

This is part 11 of a 19-part series exploring the workflows in Peli’s Agent Factory.

Community Feedback

Made with by GitHub Next & Microsoft Research Terms Privacy Security