Meet the Workflows: Security-related
Splendid! How great to have you back at Peli’s Agent Factory! Now, let me show you the guardian chamber - where the watchful protectors stand vigil!
In our previous post, we explored operations and release workflows that handle the critical process of shipping software - building, testing, generating release notes, and publishing. These workflows need to be rock-solid reliable because they represent the moment when our work reaches users.
But reliability alone isn’t enough - we also need security. When AI agents can access APIs, modify code, and interact with external services, security becomes paramount. How do we ensure agents only access authorized resources? How do we track vulnerabilities and enforce compliance deadlines? How do we prevent credential exposure? That’s where security and compliance workflows become our essential guardrails - the watchful guardians that let us sleep soundly at night.
Security-related Workflows
Section titled “Security-related Workflows”These agents are our security guards, keeping watch and enforcing the rules:
- Security Compliance - Runs vulnerability campaigns with deadline tracking
- Firewall - Tests network security and validates rules
- Daily Secrets Analysis - Scans for exposed credentials (yes, it happens)
- Daily Malicious Code Scan - Reviews recent code changes for suspicious patterns
- Static Analysis Report - Daily security scans using zizmor, poutine, and actionlint
The Security Compliance agent manages entire vulnerability remediation campaigns with deadline tracking - perfect for those “audit in 3 weeks” panic moments.
The Firewall workflow validates that our agents can’t access unauthorized resources - it’s the bouncer that enforces network rules.
The Daily Secrets Analysis scans for exposed credentials in commits and discussions, catching those “oops, I committed my API key” moments before they become incidents.
The Daily Malicious Code Scan goes deeper, reviewing recent code changes for suspicious patterns that might indicate security threats or compromised agentic behavior.
The Static Analysis Report runs a comprehensive security audit daily using industry-standard tools (zizmor, poutine, actionlint) to catch workflow vulnerabilities. This is particularly interesting because it shows how traditional security tools can be integrated into an AI agent workflow.
Using These Workflows
Section titled “Using These Workflows”You can add these workflows to your own repository and remix them. Get going with our Quick Start, then run one of the following:
Security Compliance:
gh aw add https://github.com/github/gh-aw/blob/v0.37.7/.github/workflows/security-compliance.mdFirewall:
gh aw add https://github.com/github/gh-aw/blob/v0.37.7/.github/workflows/firewall.mdDaily Secrets Analysis:
gh aw add https://github.com/github/gh-aw/blob/v0.37.7/.github/workflows/daily-secrets-analysis.mdDaily Malicious Code Scan:
gh aw add https://github.com/github/gh-aw/blob/v0.37.7/.github/workflows/daily-malicious-code-scan.mdStatic Analysis Report:
gh aw add https://github.com/github/gh-aw/blob/v0.37.7/.github/workflows/static-analysis-report.mdThen edit and remix the workflow specifications to meet your needs, recompile using gh aw compile, and push to your repository. See our Quick Start for further installation and setup instructions.
Learn More
Section titled “Learn More”- GitHub Agentic Workflows - The technology behind the workflows
- Quick Start - How to write and compile workflows
Next Up: Teamwork & Culture Workflows
Section titled “Next Up: Teamwork & Culture Workflows”After all this serious talk, let’s explore the fun side: agents that bring joy and build team culture.
Continue reading: Teamwork & Culture Workflows →
This is part 11 of a 19-part series exploring the workflows in Peli’s Agent Factory.