
Normalize report formatting for secret-scanning-triage workflow#11871

Merged
pelikhan merged 3 commits into main from copilot/normalize-report-formatting on Jan 26, 2026

Conversation


Copilot AI commented Jan 26, 2026

The secret-scanning-triage workflow created issues for secret rotation without structured formatting guidelines, making them inconsistent with other security workflows.

Changes

  • Added shared/reporting.md import to frontmatter for consistent report formatting across workflows

  • Replaced section 5B bullet list with structured issue template:

    • Issue title: [secret-triage] Rotate {secret_type} in {file_path}
    • h3 headers for proper hierarchy (not h1/h2)
    • Critical info immediately visible (alert link, secret type, location)
    • Immediate actions (rotate, invalidate, audit) as numbered steps
    • Detailed remediation wrapped in <details> tags (history cleanup, guardrails)
    • References section with alert and workflow run links

Template Example

### 🚨 Secret Detected

**Alert**: [View Alert #{alert_number}]({alert_url})  
**Secret Type**: {secret_type}  
**Location**: `{file_path}` (commit {commit_sha})

### ⚡ Immediate Actions Required

1. **Rotate the credential**
   - Generate a new {secret_type}
   - Update production systems

<details>
<summary><b>View Detailed Remediation Steps</b></summary>

#### History Cleanup
- Use `git-filter-repo` or BFG to remove secret from git history
...
</details>

The template follows progressive disclosure: critical information visible, detailed remediation available but collapsed.

Original prompt

This section details the original issue you should resolve

<issue_title>[workflow-style] Normalize report formatting for secret-scanning-triage</issue_title>
<issue_description>### Workflow to Update

Workflow File: .github/workflows/secret-scanning-triage.md

Issues Found:

  • No progressive disclosure instructions for issue body formatting
  • Doesn't import shared/reporting.md guidelines

Current Behavior

The workflow creates issues for secret rotation (section 5B, lines 110-120) but doesn't specify formatting guidelines for the issue body.

Required Changes

1. Import Shared Reporting Guidelines

Add to the imports section at the top of the file:

imports:
  - shared/reporting.md

2. Update Issue Creation Instructions

In section 5B) If (B): create an issue with rotation steps (around line 110), provide a structured template:

Current (lines 110-120):

### 5B) If (B): create an issue with rotation steps

Emit one `create_issue` safe output with:
- Alert link
- File path(s)
- Recommended immediate actions:
  - rotate the credential
  - invalidate the old token
  - audit recent usage
  - then remove from repo history if applicable
- Suggested follow-up: add detection/guardrails

Updated with proper formatting:

### 5B) If (B): create an issue with rotation steps

Create an issue using this template structure (follow shared/reporting.md guidelines):

**Issue Title**: `[secret-triage] Rotate {secret_type} in {file_path}`

**Issue Body Template**:
```markdown
### 🚨 Secret Detected

**Alert**: [View Alert #{alert_number}]({alert_url})  
**Secret Type**: {secret_type}  
**Location**: `{file_path}` (commit {commit_sha})  
**Status**: Requires immediate rotation

### ⚡ Immediate Actions Required

1. **Rotate the credential**
   - Generate a new {secret_type}
   - Update production systems with new credential

2. **Invalidate the old token**
   - Revoke the exposed credential immediately
   - Verify revocation was successful

3. **Audit recent usage**
   - Check logs for unauthorized access
   - Review activity since {commit_date}

<details>
<summary><b>View Detailed Remediation Steps</b></summary>

#### History Cleanup

After rotation and invalidation:
- Use `git-filter-repo` or BFG to remove secret from git history
- Force push to all branches containing the secret
- Notify contributors to rebase their branches

#### Add Detection/Guardrails

- Enable pre-commit secret scanning hooks
- Add the file path to `.gitignore` if it's a config file
- Document secret management procedures in SECURITY.md

</details>

### References

- Alert: [#{alert_number}]({alert_url})
- Workflow Run: [#{run_id}](https://github.com/githubnext/gh-aw/actions/runs/{run_id})
```

**Key formatting requirements**:
- Use h3 (###) headers, not h1 or h2
- Keep critical info visible (alert link, secret type, immediate actions)
- Wrap detailed steps in `<details><summary><b>Section</b></summary>` tags
- Include workflow run reference at the end

Design Principles

The updated issue format should:

  1. Build trust through clarity: Critical info (alert link, secret type) immediately visible
  2. Actionable guidance: Clear numbered steps for immediate actions
  3. Progressive disclosure: Detailed remediation steps collapsed but available
  4. Consistent formatting: Follows patterns from other security workflows

Reference Examples

Good examples of security issue formatting:

  • shared/reporting.md - Report structure guidelines
  • Other triage workflows that create structured issues

Testing

After making changes:

  1. Trigger the workflow to process a test secret alert
  2. Verify the created issue uses h3+ headers
  3. Verify detailed remediation steps are in <details> tags
  4. Verify critical information is immediately visible

AI generated by Workflow Normalizer

  • expires on Feb 2, 2026, 12:26 PM UTC

Comments on the Issue (you are @copilot in this section)


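As an added check for the verification steps listed under Testing above (example code written for this page, not gh-aw's or the workflow's own code): a small Python lint that applies the four key formatting requirements from the issue to a rendered issue title and body. The header, `<details>` and References rules are taken from the issue text; the sample titles, bodies, alert URLs, commit and run IDs are constructed for the example. A `#` line inside a code fence is deliberately not counted as a header, so a remediation command pasted into the body cannot trip the h3 rule.

```python
"""Lint a secret-triage issue body against the formatting rules in this PR.
Added example, not gh-aw code: checks h3-or-deeper headers, alert link and
secret type in the first section, <details><summary><b>..</b></summary>
wrapping, and a final References section with a workflow-run link. The
sample titles, bodies, URLs and IDs below are constructed for this example.
"""
import re

ATX_HEADER = re.compile(r"^(#{1,6})\s+\S")
FENCE = re.compile(r"^(`{3}|~{3})")  # code fence: a '#' inside is not a header
ALERT_LINK = re.compile(r"\[[^\]]*Alert[^\]]*\]\(https?://\S+\)")
RUN_LINK = re.compile(r"\]\(https://github\.com/[^/\s]+/[^/\s]+/actions/runs/\d+\)")
SUMMARY = re.compile(r"<summary><b>[^<]+</b></summary>")
TITLE_PATTERN = re.compile(r"^\[secret-triage\] Rotate \S.* in \S+$")

def parse_sections(body):
    """Split body into (level, title, lines); '#' lines inside fences are ignored."""
    sections = [(0, "", [])]  # preamble before the first header
    in_fence = False
    for line in body.splitlines():
        if FENCE.match(line):
            in_fence = not in_fence
        m = None if in_fence else ATX_HEADER.match(line)
        if m:
            sections.append((len(m.group(1)), line[m.end(1):].strip(), []))
        else:
            sections[-1][2].append(line)
    return sections

def check_details(body):
    """Each <details> must be closed and open with <summary><b>..</b></summary>."""
    problems, depth, want_summary = [], 0, False
    for no, line in enumerate(body.splitlines(), 1):
        s = line.strip()
        if s == "<details>":
            depth, want_summary = depth + 1, True
        elif s == "</details>":
            depth, want_summary = max(depth - 1, 0), False
        elif want_summary and s:  # first non-blank line after <details>
            if not SUMMARY.fullmatch(s):
                problems.append(f"line {no}: <details> needs <summary><b>...</b></summary>")
            want_summary = False
    if depth:
        problems.append("unclosed <details> block")
    if "<details>" not in body:
        problems.append("no <details> block: detailed remediation must be collapsed")
    return problems

def lint_issue(title, body):
    """Return a list of violations; an empty list means the issue is compliant."""
    problems = []
    if not TITLE_PATTERN.match(title):
        problems.append("title must be '[secret-triage] Rotate {secret_type} in {file_path}'")
    headed = parse_sections(body)[1:]  # drop the preamble before the first header
    if not headed:
        return problems + ["body has no headers"]
    for level, name, _ in headed:
        if level < 3:
            problems.append(f"header '{name}' is h{level}; use h3 or deeper")
    first = "\n".join(headed[0][2])
    if not ALERT_LINK.search(first) or "**Secret Type**" not in first:
        problems.append("first section: alert link or secret type missing")
    problems += check_details(body)
    _, last_name, last_lines = headed[-1]
    if last_name != "References" or not RUN_LINK.search("\n".join(last_lines)):
        problems.append("last section must be '### References' with a workflow run link")
    return problems

# Constructed compliant sample; example-org, alert 42 and the run id are made up.
GOOD_TITLE = "[secret-triage] Rotate GitHub Personal Access Token in config/settings.py"
GOOD_BODY = """### 🚨 Secret Detected
**Alert**: [View Alert #42](https://github.com/example-org/example-repo/security/secret-scanning/42)
**Secret Type**: GitHub Personal Access Token
**Location**: `config/settings.py` (commit 0123abcd)
### ⚡ Immediate Actions Required
1. **Rotate the credential**
2. **Invalidate the old token**
3. **Audit recent usage**
<details>
<summary><b>View Detailed Remediation Steps</b></summary>
#### History Cleanup
~~~sh
# rewrite history with git-filter-repo (this '#' is code, not a header)
git filter-repo --replace-text replacements.txt
~~~
</details>
### References
- Alert: [#42](https://github.com/example-org/example-repo/security/secret-scanning/42)
- Workflow Run: [#1234567890](https://github.com/githubnext/gh-aw/actions/runs/1234567890)
"""

# Constructed non-compliant sample: h2 headers, bare alert URL, nothing collapsed.
BAD_BODY = """## Secret found
Alert: https://github.com/example-org/example-repo/security/secret-scanning/42
## Next steps
- remove from history
"""
```

`lint_issue(GOOD_TITLE, GOOD_BODY)` returns an empty list; against `BAD_BODY` it reports the h2 headers, the missing alert link, the missing `<details>` block and the missing References section, which mirrors steps 2 to 4 of the Testing list. A check like this could be run over the `create_issue` safe output before it is posted, though that is a suggestion and not something the PR adds.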

Copilot AI and others added 2 commits January 26, 2026 13:17
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…t-scanning-triage

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Normalize report formatting for secret scanning triage" to "Normalize report formatting for secret-scanning-triage workflow" Jan 26, 2026
Copilot AI requested a review from pelikhan January 26, 2026 13:25
@pelikhan pelikhan marked this pull request as ready for review January 26, 2026 13:27
@pelikhan pelikhan merged commit 309a812 into main Jan 26, 2026
@pelikhan pelikhan deleted the copilot/normalize-report-formatting branch January 26, 2026 13:27


Development

Successfully merging this pull request may close these issues.

[workflow-style] Normalize report formatting for secret-scanning-triage
