Add vulnerability-alerts permission to workflow schema #356

Merged: salmanmkc merged 1 commit into main from vulnerability-alerts-permission, Apr 21, 2026

@salmanmkc
Contributor

@salmanmkc salmanmkc commented Apr 15, 2026

Summary

Add vulnerability-alerts as a new read-only permission key in the workflow schema permissions-mapping.

Changes

  • Added vulnerability-alerts with permission-level-read-or-no-access type (only read and none are valid)
  • Updated security-events description to Code scanning alerts. (Dependabot alerts now have their own key)

Add vulnerability-alerts as a new read-only permission key in the
permissions-mapping. This permission allows workflows to read
Dependabot alerts via GITHUB_TOKEN.

Uses permission-level-read-or-no-access type (read and none only).
Updated security-events description to reflect it covers code
scanning alerts only.
@salmanmkc
Contributor Author

Related PRs

Part of the vulnerability-alerts permission rollout. Independent change — no blocking dependencies.

@salmanmkc salmanmkc marked this pull request as ready for review April 21, 2026 18:15
Copilot AI review requested due to automatic review settings April 21, 2026 18:15
@salmanmkc salmanmkc requested a review from a team as a code owner April 21, 2026 18:15
Contributor

Copilot AI left a comment

Pull request overview

Updates the workflow schema’s permissions mapping to support a new vulnerability-alerts permission key (read-only) and to clarify the existing security-events permission description now that Dependabot alerts have their own dedicated key.

Changes:

  • Added vulnerability-alerts as a permission-level-read-or-no-access permission with description “Dependabot alerts.”
  • Updated security-events description to “Code scanning alerts.”
| File | Description |
| --- | --- |
| workflow-parser/src/workflow-v1.0.json | Extends the workflow permissions schema with vulnerability-alerts and refines security-events wording. |

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 0

@salmanmkc salmanmkc merged commit a06de82 into main Apr 21, 2026
11 checks passed
@salmanmkc salmanmkc deleted the vulnerability-alerts-permission branch April 21, 2026 19:04
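
One way to apply the rule this PR describes when auditing the permissions blocks of a workflow, as an added example (not code from this PR or from the workflow-parser repository). The names `ALLOWED_LEVELS`, `checkBlock` and `auditWorkflow` are hypothetical, the read/write/none levels for security-events are an assumption, and the sample workflow is constructed; the read/none restriction for vulnerability-alerts comes from the PR description.

```typescript
// Added example; not part of workflow-parser. All names are hypothetical.
type Dict = { [key: string]: unknown };
type Finding = { path: string; value: string; allowed: string[] };

// Allowed levels for the two keys this PR touches.
// vulnerability-alerts: read/none only, per the PR description.
// security-events: read/write/none is an assumption of this example.
const ALLOWED_LEVELS: { [key: string]: string[] } = {
  "security-events": ["read", "write", "none"],
  "vulnerability-alerts": ["read", "none"],
};

// Validate one permissions block. Shorthand strings such as "read-all"
// and missing blocks carry no per-key levels, so they are skipped.
function checkBlock(block: unknown, path: string, out: Finding[]): void {
  if (typeof block !== "object" || block === null) return;
  const perms = block as Dict;
  for (const key of Object.keys(perms)) {
    const allowed = ALLOWED_LEVELS[key];
    if (allowed === undefined) continue; // keys outside this example are not judged
    const value = String(perms[key]);
    if (allowed.indexOf(value) === -1) {
      out.push({ path: path + "." + key, value: value, allowed: allowed });
    }
  }
}

// Check the workflow-level block and every job-level block of an
// already-parsed workflow (for instance the output of a YAML parser).
function auditWorkflow(workflow: Dict): Finding[] {
  const out: Finding[] = [];
  checkBlock(workflow["permissions"], "permissions", out);
  const jobs = workflow["jobs"];
  if (typeof jobs !== "object" || jobs === null) return out;
  for (const name of Object.keys(jobs as Dict)) {
    const job = (jobs as Dict)[name];
    if (typeof job !== "object" || job === null) continue;
    checkBlock((job as Dict)["permissions"], "jobs." + name + ".permissions", out);
  }
  return out;
}

// Constructed sample: the "triage" job asks for a level the key does not offer.
const sampleWorkflow: Dict = {
  permissions: { "vulnerability-alerts": "read", "security-events": "write" },
  jobs: { triage: { permissions: { "vulnerability-alerts": "write" } },
          scan: { permissions: "read-all" } },
};
console.log(auditWorkflow(sampleWorkflow));
```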