From 05cb8046d628289ca5d465df86163bea482d2945 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 4 Dec 2025 20:38:28 +0000 Subject: [PATCH] feat: enhance QA_Security agent workflow with CodeQL and Trivy scan execution --- .github/agents/QA_Security.agent.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/agents/QA_Security.agent.md b/.github/agents/QA_Security.agent.md index 878b714f..4ad58095 100644 --- a/.github/agents/QA_Security.agent.md +++ b/.github/agents/QA_Security.agent.md @@ -27,7 +27,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t 3. **Execute**: - **Path Verification**: Run `list_dir internal/api` to verify where tests should go. - **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*. - - **Run**: Execute `go test ./internal/api/tests/...` (or specific path). + - **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run) and triage any findings. - **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
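Review bot: The sentence added to the **Run** bullet refers to the CodeQL and Trivy scans only as "VS Code Tasks" that "just need to be triggered", without giving the task labels, so the agent has nothing concrete to invoke. Name the exact task labels as they appear in the repository's task definitions, or give the equivalent command lines. "Triage any findings" also needs a definition in this file: which severities block sign-off, and where the results are recorded. Consider moving the scans into their own bullet instead of appending them to the `go test` line, so that a test failure and a scan finding are reported as separate outcomes.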