Merged
26 changes: 20 additions & 6 deletions .github/workflows/code-scanning-fixer.lock.yml


22 changes: 16 additions & 6 deletions .github/workflows/code-scanning-fixer.md
Expand Up @@ -57,11 +57,14 @@ Before selecting an alert, check the cache memory to see which alerts have been

### 2. List High Severity Alerts

Use the GitHub API to list all open code scanning alerts:
- Use `list_code_scanning_alerts` with `state: open`
- Filter the results to only include alerts with `severity: high`
- Sort by creation date (oldest first) to prioritize long-standing issues
- Create a list of alert numbers that are high severity and still open
Use the GitHub MCP server to list all open code scanning alerts with high severity:
- Use `list_code_scanning_alerts` with the following parameters:
- `owner`: ${{ github.repository_owner }}
- `repo`: The repository name (extract from `${{ github.repository }}` - it's the part after the slash)
- `state`: open
- `severity`: high
- This will return only high severity alerts that are currently open
- Create a list of alert numbers from the results

### 3. Select an Unfixed Alert

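Review bot: the rewritten step 2 drops the ordering rule the replaced bullets carried (`Sort by creation date (oldest first) to prioritize long-standing issues`), so step 3 now selects from an unordered result set and the stated preference for long-standing alerts is lost. If that priority still holds, keep a sort bullet after the `list_code_scanning_alerts` call, e.g. `- Sort the results by creation date (oldest first) before building the list of alert numbers`.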
Expand All @@ -73,6 +76,10 @@ From the list of high severity alerts:
### 4. Get Alert Details

Get detailed information about the selected alert using `get_code_scanning_alert`:
- Call with parameters:
- `owner`: ${{ github.repository_owner }}
- `repo`: The repository name (extract from `${{ github.repository }}` - it's the part after the slash)
- `alertNumber`: The alert number from step 3
- Extract key information:
- Alert number
- Severity level (should be "high")
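Review bot: the `repo` bullet repeats verbatim the extraction instruction already given in step 2 (`extract from `${{ github.repository }}` - it's the part after the slash`), and the same sentence appears again in step 5. Define the `owner` and `repo` values once, before step 2, and refer to them in each tool call so the three copies cannot drift apart when one is edited.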
Expand All @@ -84,7 +91,10 @@ Get detailed information about the selected alert using `get_code_scanning_alert
### 5. Analyze the Vulnerability

Understand the security issue:
- Read the affected file using `get_file_contents`
- Read the affected file using `get_file_contents`:
- `owner`: ${{ github.repository_owner }}
- `repo`: The repository name (extract from `${{ github.repository }}` - it's the part after the slash)
- `path`: The file path from the alert
- Review the code context around the vulnerability (at least 20 lines before and after)
- Understand the root cause of the security issue
- Research the specific vulnerability type (use the rule ID and CWE)
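Review bot: the `get_file_contents` call passes only `owner`, `repo` and `path`, so it reads the file at whatever revision the tool defaults to, while the alert's location refers to the code as it was when scanned; if the file has changed since, the `at least 20 lines before and after` review lands on the wrong code. If the tool accepts a revision parameter, pass the scanned commit when the step 4 alert details include one; otherwise add a bullet telling the agent to confirm that the reported line still contains the flagged code before analyzing.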
Expand Down