Skip to content

Build: add security-policy and vulnerability-reporting annotations#138

Merged
toddysm merged 2 commits into
mainfrom
feature/security-annotations
Jul 2, 2026
Merged

Build: add security-policy and vulnerability-reporting annotations#138
toddysm merged 2 commits into
mainfrom
feature/security-annotations

Conversation

@toddysm

@toddysm toddysm commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary

Implements #134 — adds two custom OCI annotations to the CSSC Dashboard service images so the security policy and the vulnerability-reporting endpoint travel with the image metadata.

Changes

  • build-cssc-dashboard.yml: two new annotations in the shared annotation set (applied at both index and per-platform manifest scope):
    • com.toddysm.security.policy = ${SERVER_URL}/${REPO}?tab=security-ov-file (the repository security policy).
    • com.toddysm.security.reporturl = ${SERVER_URL}/${REPO}/security/advisories/new (programmatic vulnerability-report intake).
  • docs/reference/image-annotations.md: documented both in the custom-annotations table.
  • docs/guides/build/reading-image-annotations.md: documented both in the guide table.

URLs are built from the existing SERVER_URL/REPO env vars for portability. actionlint clean; VS Code get_errors clean.

Closes #134.

Copilot AI review requested due to automatic review settings July 2, 2026 15:40
@toddysm toddysm added feature New feature or request build Related to the Build stage labels Jul 2, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds OCI image annotations to the CSSC Dashboard build so consumers can discover the repository’s security policy and vulnerability reporting endpoint directly from image metadata, and documents those annotations.

Changes:

  • Adds two new com.toddysm.security.* annotations to the shared annotation set in build-cssc-dashboard.yml, applied at both index and per-platform manifest scope.
  • Documents the new annotations in the reference and guide markdown tables.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
.github/workflows/build-cssc-dashboard.yml Adds two new OCI annotations to the shared annotation array for dashboard image builds.
docs/reference/image-annotations.md Documents the new security-related annotations in the custom annotations reference table.
docs/guides/build/reading-image-annotations.md Documents the new security-related annotations in the “reading annotations” guide table.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/build-cssc-dashboard.yml Outdated
Comment thread docs/reference/image-annotations.md Outdated
Comment thread docs/guides/build/reading-image-annotations.md Outdated
@toddysm
toddysm merged commit 6eca000 into main Jul 2, 2026
3 checks passed
@toddysm
toddysm deleted the feature/security-annotations branch July 2, 2026 16:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

build Related to the Build stage feature New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Build: add security-policy and vulnerability-reporting annotations

2 participants