feat: investigate Dependabot security alerts#35
Open
groovecoder wants to merge 17 commits into
Open
Conversation
Add alert discovery in sweep, investigation workflow, and post-action routing (bump PR for non-affected, private fork for affected). Closes #4
Repos can opt in via `investigate.dismiss_not_affected: true` in their .blender/blender.yml. When enabled, BLEnder dismisses Dependabot alerts as "inaccurate" instead of opening bump PRs for non-affected packages. Every investigation now posts a row to a tracking issue on the target repo. The issue is created on the first run, then reused. Each row is a comment (not a body edit) to avoid races when many workflows run concurrently.
groovecoder
commented
May 5, 2026
Replace tracking issue with JSON artifact to avoid exposing alert details on public repos. Remove open_bump_pr (no file changes made it useless). Rename "not affected" to "unaffected" everywhere. Extract shared sanitize_for_prompt into scripts/sanitize.sh. Fix "dedup" jargon in sweep.py comments.
groovecoder
commented
May 6, 2026
Replace JSON artifact with a styled HTML report. The report shows alert metadata, verdict, and source code snippets for each vulnerable path identified during investigation. Styled like a coverage report for easy in-browser review.
groovecoder
commented
May 6, 2026
Move read_code_snippet, render_html, and write_summary out of post_alert_action.py into a dedicated module. Keeps the action script focused on orchestration.
zizmor flagged workflow-level actions:write as overly broad. Only the investigate job needs it for upload-artifact.
GitHub Actions artifacts on public repos are world-readable. For affected alerts, the report now omits the reason and code paths. Those details live in the private security advisory instead. Unaffected reports keep the full analysis — nothing sensitive there.
Member
Author
|
Note: this workflow requires the blender app to have additional permissions:
I'm working with Mozilla GitHub admins on it. |
High and critical alerts now require human review before dismissal, even when dismiss_unaffected is enabled. Only low and medium severity alerts are auto-dismissed. Addresses security team feedback. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Member
Author
|
Filed https://bugzilla.mozilla.org/show_bug.cgi?id=2038058 for the additional app perms. |
The token action parameter was `permission-security-events` (code scanning alerts) but should be `permission-security-advisories` (repository security advisories). Matches the app's installed permissions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The create-github-app-token action has no input for repository-advisories. Without permission-* inputs the token inherits all installed permissions, which already includes contents, pull-requests, vulnerability-alerts, and repository-advisories. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The workflow invokes post_alert_action.py with an absolute path from the target directory. Without the repo root on sys.path, the `from scripts.alert_report` import fails with ModuleNotFoundError. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Claude needs the Write tool to create .blender-alert-verdict.json. With only Read and Bash, the file write may be blocked by the sandbox. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The sandbox sometimes blocks file writes even with the Write tool enabled. When the verdict file is missing, the script now scans Claude's output log for a JSON object with the expected verdict fields and writes it to disk as a fallback. Also moves log cleanup to an EXIT trap so the log is available for the extraction step but still cleaned up on all exit paths. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Write tool (added in 12bf60b) gave Claude a choice between Write and Bash for file creation. In sandbox mode, only Bash is auto-approved via autoAllowBashIfSandboxed. Claude picked Write, the file never got created, and the verdict was lost. Major mode uses Read,Bash only and writes the verdict file reliably. Match that pattern. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Three changes: - Remove redundant Step 1 (audit output already in prompt context) - Add turn budget warning so Claude reserves a turn for the verdict - Bump MAX_TURNS from 20 to 25 for safety margin Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bash commands run inside bubblewrap sandbox. Files written by Bash do not persist after the sandbox exits. The Write tool runs in the host process and its writes survive. Both investigate and major modes now use Read,Write,Bash and their prompts tell Claude to use the Write tool for verdict files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The bubblewrap sandbox prevents all file writes from persisting — both Bash and Write tool. Instead of fighting the sandbox, work with it: tell Claude to output the verdict JSON in a fenced VERDICT_JSON block, then extract it in run-claude.sh (which runs outside the sandbox). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add alert discovery in sweep, investigation workflow, and post-action routing (bump PR for non-affected, private fork for affected).
Closes #4