[uk ai resilience] UK AI Open Code Risk & Resilience Governance — Weekly Report 2026-07-01 #42798
This discussion has been marked as outdated by UK AI Operational Resilience. A newer discussion is available at Discussion #43013.
Executive Summary
Weekly UK AI Open Code Risk & Resilience Governance scan for github/gh-aw, lookback 2026-06-24 → 2026-07-01. 451 commits merged, 110 flagged for security signals, 15 open security-labelled issues, 8 open code scanning alerts, 0 secret scanning alerts.

Overall posture: Tier B (Open With Conditions) — one active Tier C finding (AIC guardrail starvation, tracked as #42761), five Tier B findings requiring time-boxed remediation. No Tier D findings. The repository is actively maintained with strong CI/CodeQL coverage; the primary gaps are in alert triage velocity and cross-run operational coordination.
Asset Graph (recent-change scoped)
Tier Classification Table
Control Verification Gaps
Risk-Scoring Table
Remediation Queue
Critical (<24h): #42761 AIC Guardrail — implement O(1) aggregate-cache read; widen fallback; add in-loop rate-limit backoff; decide on isolated token.
High (<7d): CodeQL #637 parser int overflow; Semgrep #627/#628 GraphQL injection; CodeQL #625 unpinned action.
Medium (<30d): Script file ops (#635/#636); engine/skill auth audit (#42749).
Operational Metrics
References: §28531380129