UK AI Open Code Risk & Resilience Governance — 2026-07-02
Lookback window: 2026-06-25 → 2026-07-02 | Commits: 418 (92 security-signal) | Run: §28604141985
1. Executive Summary
Active development velocity is high (418 commits / 7 days, dominated by Copilot-authored PRs). Security posture is stable but has 3 untracked findings from CodeQL alerts created in this window. No secret scanning alerts. Two high-priority issues (#42799, #42800) were created yesterday and remain open and unassigned. The critical governance gap is the insecure temp-file pattern (CodeQL HIGH #635) in a CI evaluation script, which has no tracking issue.
No repository hiding or access restriction is recommended; all findings are addressable through targeted code fixes.
2. Asset Graph Summary (Recent-Change Scoped)
- scripts/ensure-docs-slide-pdf.js
- scripts/prepare-objective-impact-safe-output-evaluations.cjs
- pkg/cli/project_command.go
- pkg/workflow/repository_features_validation.go
- .github/workflows/publish-safe-outputs-node.yml, pulling docker/build-push-action@v7.2.0 (CodeQL #625)
- pkg/parser/schedule_fuzzy_scatter.go
- pkg/compiler/ (ARC/DinD PRs #42815, #42855)

No Tier C or D assets identified.
3. Tier Classification Table
- scripts/ensure-docs-slide-pdf.js (CodeQL #636): Network-sourced data written to filesystem. Script is CI-only (not runtime), reducing blast radius. Medium severity. Needs: sanitization review or code fix.
- scripts/prepare-objective-impact-safe-output-evaluations.cjs (CodeQL #635): HIGH severity. Insecure temp file: TOCTOU race, other-user-accessible. CI script context limits exposure, but the pattern is a known attack vector (CWE-377). Needs `tmp` library or `mkdtemp`.
- pkg/cli/project_command.go (CodeQL #627/#628): GraphQL node IDs injected via `fmt.Sprintf` without escaping. IDs come from prior API responses, not direct user input. Low exploitability, but inconsistent with `escapeGraphQLString(title)` on line 303. Defense-in-depth gap.
- .github/workflows/publish-safe-outputs-node.yml (CodeQL #625): docker/build-push-action@v7.2.0 is not SHA-pinned; tracked in #42800.
- pkg/parser/schedule_fuzzy_scatter.go (CodeQL #637): integer overflow (CWE-190); tracked in #42799.
- pkg/workflow/repository_features_validation.go (CodeQL #626): Static query, no user input. Note-level. Low risk. No issue needed.
- pkg/compiler/ (ARC/DinD paths): A — Open Safe. PRs reviewed and tested. No CodeQL findings. Runtime path redirects have correct scoping.

4. Control Verification Gaps
| Domain | Evidence | Gap | Confidence |
|---|---|---|---|
| Ownership | pelikhan active on compiler/CLI PRs; lpcox on ARC/DinD. Bot-authored scripts lack named owners. | CodeQL alerts #635, #636 are 7–10 days old with no assignee or tracking issue. | Medium |
| SDLC | CodeQL scanning active (v2.25.6). Semgrep running daily. PRs require review. `make fmt` + custom linters enforced. | Scripts (`scripts/*.js`, `scripts/*.cjs`) appear underrepresented in test coverage. No CI gate blocks on open Medium+ CodeQL alerts. | Medium |
| Dependency | Secret scanning: 0 alerts. npm/Node scripts in `scripts/`: dependency management unclear (no visible package.json pinning check in CI for these scripts). | `docker/build-push-action@v7.2.0` in `publish-safe-outputs-node.yml` is not SHA-pinned (tracked #42800). No automated Dependabot SHA-pinning enforcement for Actions. | High |
| Secret exposure | 0 open secret scanning alerts. GITHUB_TOKEN scoped appropriately in most workflows. | One user-reported concern (#42749) about a misleading "will be leaked" compiler warning for auto-excluded engine.env secrets: not a real leak, but a UX gap. | High (no real leak) |
| Runtime observability | Audit logging present in `pkg/audit/`. Error classification in `detect_agent_errors.cjs`. | No explicit monitoring/alerting for schedule parsing errors (`schedule_fuzzy_scatter.go`). Silent integer overflow would not trigger an alert. | Low |
| Recovery | Issues #42799 and #42800 created same-day as detection (2026-07-01). Remediation patterns for SHA pinning are well-documented. | Both issues unassigned. No SLA tracking or triage evidence. MTTR proxy: ~1 day since creation, no fix committed yet. | |

5. Risk-Scoring Table
- scripts/ensure-docs-slide-pdf.js (CodeQL #636, CWE-434/912)
- scripts/prepare-objective-impact-safe-output-evaluations.cjs (CodeQL #635, CWE-377/378)
- pkg/cli/project_command.go (CodeQL #627/#628, CWE-89)
- publish-safe-outputs-node.yml (CodeQL #625, CWE-829)
- schedule_fuzzy_scatter.go (CodeQL #637, CWE-190/681)
- repository_features_validation.go (CodeQL #626)
- pkg/compiler/ ARC/DinD*

\* ARC/DinD scored A because the changes are tested, reviewed, and contain no CodeQL findings.

Scoring dimensions (1=low, 5=high): Exposure amplification · Patchability (1=trivial) · Detectability (5=silent) · Operational fragility · Ownership confidence
6. Remediation Queue
1. scripts/prepare-objective-impact-safe-output-evaluations.cjs — insecure temp file (CodeQL #635, CWE-377): replace `path.join(os.tmpdir(), ...)` with `fs.mkdtempSync(path.join(os.tmpdir(), 'prefix-'))` or use the `tmp` npm library.
2. publish-safe-outputs-node.yml — unpinned action (CodeQL #625, CWE-829): pin `docker/build-push-action` to a full SHA. See issue #42800.
3. schedule_fuzzy_scatter.go — int overflow (CodeQL #637, CWE-190): replace `strconv.Atoi` + cast with `strconv.ParseUint(s, 10, 32)`. See issue #42799.
4. scripts/ensure-docs-slide-pdf.js — http-to-file (CodeQL #636, CWE-434).
5. pkg/cli/project_command.go — GraphQL unescaped IDs (CodeQL #627/#628, CWE-89): escape `ownerId`, `projectId`, `repositoryId` with `escapeGraphQLString()` or use parameterized GraphQL variables.

7. Exception Register
No exceptions requested. All findings are patchable without exception. No permanent hiding or access restriction recommended.
8. Operational Metrics Baseline
References: