Campaign: Security Alert Burndown #11231

@mnkiefer

Description

Write a campaign that burns down the code security alerts backlog. Focus on file write issues first, cluster alerts if possible (up to 3), and add comments to the generated code for fixes. Use Claude for codegen, Copilot for campaign manager.

Campaign setup status

Status: Ready for PR review

What just happened

  • Created Project: #aw_90ee2db58e56 (Security Alert Burndown)
  • Created standard fields (status, campaign_id, worker_workflow, repository, priority, size, start_date, end_date) with proper single-select options
  • Created views: Campaign Roadmap (roadmap), Task Tracker (table), Progress Board (board)
  • Generated campaign spec: .github/workflows/security-alert-burndown.campaign.md
  • Selected workflows: code-scanning-fixer, security-fix-pr

What happens next

  1. Copilot Coding Agent will open a pull request with the generated files.
  2. You review the PR and merge it.
  3. After merge, run the orchestrator workflow from the Actions tab to activate the campaign.

Copilot Coding Agent handoff

  • Campaign ID: security-alert-burndown
  • Project URL: #aw_90ee2db58e56
  • Workflows: code-scanning-fixer, security-fix-pr

Run:

gh aw compile

Commit and include in the PR:

  • .github/workflows/security-alert-burndown.campaign.md
  • .github/workflows/security-alert-burndown.campaign.g.md
  • .github/workflows/security-alert-burndown.campaign.lock.yml

Acceptance checklist:

  • gh aw compile succeeds without errors
  • Orchestrator lock file updated with campaign configuration
  • PR opened and linked back to this issue (Campaign: Security Alert Burndown #11231)
  • All three campaign files committed

Campaign Overview

This campaign systematically burns down code security alerts with the following strategy:

Focus Areas:

  • Prioritizes file write security issues (highest risk)
  • Clusters related alerts (up to 3) for efficient remediation
  • Uses Claude for code generation with detailed security comments
  • All fixes go through PR review process

Workflows:

  • code-scanning-fixer: Runs every 30 minutes, automatically fixes high severity alerts
  • security-fix-pr: Runs every 4 hours, can be manually triggered for specific alerts

Risk Level: High (requires 2 approvals + sponsor)

Timeline:

  • Phase 1 (Weeks 1-2): High severity file write issues
  • Phase 2 (Weeks 3-4): Clustered alert remediation
  • Phase 3 (Week 5+): Remaining alerts cleanup

Documentation

  • Getting started: (redacted)
  • Flow & lifecycle: (redacted)
  • Campaign specs: (redacted)

Generated by [Agentic Campaign Generator](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})

Ahoy! This treasure was crafted by 🏴‍☠️ Agentic Campaign Generator
