
[workflow-style] Normalize report formatting for daily-malicious-code-scan #10976

@github-actions

Description

Workflow to Update

Workflow File: .github/workflows/daily-malicious-code-scan.md
Issue: This daily security workflow (312 lines) doesn't import shared/reporting.md which contains markdown style guidelines

Required Changes

Add the import to the frontmatter:

```yaml
imports:
  - shared/reporting.md
```

This will provide the workflow with standardized formatting guidelines for security reports:

1. Header Level Guidelines

  • Use h3 (###) or lower for all headers to maintain proper document hierarchy
  • Never use h2 (##) or h1 (#) in reports - these are reserved for titles

2. Progressive Disclosure Guidelines

  • Wrap scan details in <details><summary><b>Section Name</b></summary> tags
  • Show critical security findings immediately
  • Hide detailed file-by-file analysis in collapsible sections

Example for security reports:

```markdown
### Security Scan Summary
- Files scanned: 234
- Critical issues: 0
- Warnings: 2
- Status: ✅ Clean

### Critical Findings
[Always visible - empty if none found]

<details>
<summary><b>View Detailed Scan Results</b></summary>

### File-by-File Analysis
[Comprehensive breakdown of each scanned file]

### Warning Details
[Details about non-critical warnings]

</details>

### Recommendations
[Actionable next steps - keep visible if findings exist]
```

3. Security Report Structure

  • Summary: Scan status and counts (always visible)
  • Critical Findings: Security issues requiring immediate attention (always visible)
  • Detailed Results: Per-file scan results (in <details> tags)
  • Recommendations: Remediation steps (visible if issues found)

Design Principles (Airbnb-Inspired)

Security reports should:

  1. Build trust through clarity: Critical issues immediately visible
  2. Exceed expectations: Include trends (vs. previous scans), context
  3. Create delight: Use progressive disclosure - don't overwhelm with clean file lists
  4. Maintain consistency: Follow patterns used across all security workflows

Example Reference

See workflows like daily-secrets-analysis or security-focused workflows that create clear, actionable reports.

Validation

After updating:

  1. Run the workflow manually with workflow_dispatch
  2. Verify the report uses h3+ headers (not h1 or h2)
  3. Check that detailed scan results use <details> tags
  4. Confirm critical findings and summary are immediately visible
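A lint script that automates validation steps 2 through 4 above, added here as an example and not part of this issue or the repository. The section titles it checks for (`ALWAYS_VISIBLE`, `COLLAPSIBLE`) are taken from the example report in this issue; the two sample reports are constructed.

```python
"""Check a generated security report against the formatting guidelines in this
issue: headers h3 or lower only, detailed results inside <details> blocks,
summary and critical findings kept outside them (example, not project code)."""
import re

HEADER_RE = re.compile(r"^(#{1,6})\s+\S")
# Sections the guidelines say must always be visible (never inside <details>).
ALWAYS_VISIBLE = ("Security Scan Summary", "Critical Findings")
# Sections the guidelines say belong in a collapsible block.
COLLAPSIBLE = ("File-by-File Analysis", "Warning Details")


def lint_report(markdown: str) -> list[str]:
    """Return guideline violations found in a report; an empty list means it passes."""
    problems: list[str] = []
    depth = 0          # current <details> nesting depth
    in_fence = False   # headers inside fenced code are not report headers
    for lineno, raw in enumerate(markdown.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("```"):
            in_fence = not in_fence
            continue
        if in_fence:
            continue
        depth += len(re.findall(r"<details\b", line))
        closes = line.count("</details>")
        if closes > depth:
            problems.append(f"line {lineno}: </details> without matching <details>")
        depth = max(depth - closes, 0)
        m = HEADER_RE.match(line)
        if not m:
            continue
        level = len(m.group(1))
        title = line[level:].strip()
        if level < 3:
            problems.append(f"line {lineno}: h{level} header '{title}' (use ### or lower)")
        if title in ALWAYS_VISIBLE and depth > 0:
            problems.append(f"line {lineno}: '{title}' must not be inside <details>")
        if title in COLLAPSIBLE and depth == 0:
            problems.append(f"line {lineno}: '{title}' should be inside <details>")
    if depth > 0:
        problems.append("unclosed <details> block at end of report")
    return problems


# Constructed sample reports: one following the guidelines, one breaking them.
GOOD_REPORT = """### Security Scan Summary
- Files scanned: 234
- Critical issues: 0

### Critical Findings
None.

<details>
<summary><b>View Detailed Scan Results</b></summary>

### File-by-File Analysis
[per-file results]

</details>

### Recommendations
None.
"""
BAD_REPORT = """## Security Scan Summary
- Files scanned: 234

### File-by-File Analysis
[per-file results]
"""
```

Running `lint_report` on the compliant sample returns an empty list; on the non-compliant one it flags the h2 header and the uncollapsed file-by-file section.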

Priority: Medium-High - Daily security workflow (312 lines), important for visibility of security status

AI generated by Workflow Normalizer

  • expires on Jan 28, 2026, 12:26 PM UTC
