Skip to content
GitHub Agentic Workflows

Security Scanner Workflow Example

Security Scanner

Section titled “Security Scanner”

Scan the repository for security vulnerabilities and create issues for any findings.

Instructions

Section titled “Instructions”
  1. Run security scans using available tools
  2. Identify vulnerabilities by severity (critical, high, medium, low)
  3. For each critical or high-severity vulnerability:
    • Create an issue with:
      • Title: “[Security] in
      • Description including:
        • Severity level
        • Affected component/file
        • CVE ID (if available)
        • Recommended fix
        • References and resources
      • Labels: security, , plus the campaign tracker label (defaults to z_campaign_<campaign_id>)
  4. For medium and low-severity findings:
    • Group similar findings into a single issue
    • Include all details in the issue description
  5. Add comments to existing security issues if new information is discovered

Example Issue

Section titled “Example Issue”

Title: [Security] SQL Injection vulnerability in user authentication

Body:

## Vulnerability Details


**Severity**: High
**CVE**: CVE-2025-12345
**Component**: `src/auth/login.js`
**Line**: 42-45


## Description


SQL injection vulnerability in user authentication logic allows attackers to bypass authentication by injecting malicious SQL code.


## Recommended Fix


Use parameterized queries instead of string concatenation:


```javascript
const query = 'SELECT * FROM users WHERE username = ? AND password = ?';
db.query(query, [username, hashedPassword]);
```


## References


- https://cwe.mitre.org/data/definitions/89.html
- https://owasp.org/www-community/attacks/SQL_Injection

Made with by GitHub Next & Microsoft Research Terms of Service