[uk ai resilience] UK AI Open Code Risk & Resilience Governance — 2026-07-07 #44077
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by UK AI Operational Resilience. A newer discussion is available at Discussion #44783. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
UK AI Open Code Risk & Resilience Governance Report
Repository: github/gh-aw | Date: 2026-07-07 | Lookback: 7 days (since 2026-06-30)
1. Executive Summary
The gh-aw repository is an AI-native GitHub CLI extension with high commit velocity (359 commits in 7 days, ~51/day) and active security posture. The overall risk posture is Tier B — Open With Conditions: the codebase is open-source with strong operational controls, but carries 5 undismissed code-scanning alerts (all opened 11–23 days ago), no CODEOWNERS file, and one supply-chain exposure in its security-critical image publishing pipeline that has not yet received an issue/tracking record.
No secret scanning alerts are open. All runner-guard and static analysis findings are triaged and stable. Recent commits demonstrate rapid response to security-relevant issues.
2. Asset Graph Summary (Recent-Change Scoped)
pkg/cli/project_command.goscripts/ensure-docs-slide-pdf.js.github/workflows/publish-safe-outputs-node.ymlpkg/workflow/engine_firewall_support.go+actions/setup/setup.shpkg/workflow/repository_features_validation.gopkg/linters/.github/workflows/(general)3. Tier Classification Table
repository_features_validation.go,pkg/linters/, smoke testspublish-safe-outputs-node.yml(alert #625)4. Control Verification Summary
pelikhan; Copilot agent reviews; no CODEOWNERS filedependabot.ymlcovers go/npm/pip across 4 directories;go.sum(298 lines); Firewall SHA-pinned in recent commitdocker/build-push-actionin publish-safe-outputs still on tag5. Risk-Scoring Table
Scoring rationale (0=best, 10=worst):
Detail: Unpinned supply-chain action (#625)
docker/build-push-actionto its SHA hash (0aefeb1103cb...or current SHA for v7.2.0).docker/build-push-actionrepository or thev7.2.0tag is moved to point to malicious code, compromising the safe-outputs Node image publish, which propagates a backdoor to all agentic workflow runs.docker/build-push-actionto a specific commit SHA. Add image provenance verification (sigstore/cosign attestation) for the published image as a follow-up.Detail: GraphQL injection (#627/#628)
createProject()andlinkProjectToRepo()ALREADY use parameterized GraphQL variables ($ownerId: ID!,$projectId: ID!,$repositoryId: ID!) — the semgrep alerts are likely stale or false positives targeting an older code version that used string interpolation. TheescapeGraphQLString()function exists in the same file. Real injection risk is low.Detail: Network-to-file in docs builder (#636)
// codeql[js/http-to-file-access]: readPdfBytes() only downloads from a fixed GitHub media URL and validates content type, size, and PDF signature before this write.The validation appears intentional and documented.// codeql-disable-next-lineformat to close the alert.6. Remediation Queue with SLAs
docker/build-push-actionto SHA in publish-safe-outputs-node.yml (#625)@v7.2.0with SHA pin. See issue #aw_pub625pkg/,scripts/,.github/workflows/7. Exception Register
# poutine:ignoreannotationAll current exceptions are temporary and auditable via closed issue trail. No permanent hidden-repo exceptions.
8. Operational Metrics Baseline
pelikhan+ Copilot agent on most changes; no CODEOWNERSNext Actions
docker/build-push-actionto SHA inpublish-safe-outputs-node.yml— see new issue #aw_pub625CODEOWNERSfilegh aw compileoutputReferences:
Beta Was this translation helpful? Give feedback.
All reactions