feat: enhance QA_Security agent workflow with CodeQL and Trivy scan execution
2
.github/agents/QA_Security.agent.md
vendored
@@ -27,7 +27,7 @@ Your job is to act as an ADVERSARY. The Developer says "it works"; your job is t
|
||||
3. **Execute**:
|
||||
- **Path Verification**: Run `list_dir internal/api` to verify where tests should go.
|
||||
- **Creation**: Write a new test file (e.g., `internal/api/tests/audit_test.go`) to test the *flow*.
|
||||
- **Run**: Execute `go test ./internal/api/tests/...` (or specific path).
|
||||
- **Run**: Execute `go test ./internal/api/tests/...` (or specific path). Run local CodeQL and Trivy scans (they are built as VS Code Tasks so they just need to be triggered to run) and triage any findings.
|
||||
- **Cleanup**: If the test was temporary, delete it. If it's valuable, keep it.
|
||||
</workflow>
|
||||
|
||||
|
||||
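Review bot: The new **Run** bullet tells the agent to run "local CodeQL and Trivy scans" and "triage any findings" but gives neither the VS Code task names to trigger nor any definition of what triage means here, so the step cannot be followed or checked consistently. Name the exact task labels, and state what the agent does with a finding (for example, which severities block the workflow and where findings are reported). It would also read more clearly as its own bullet, such as a **Scan** item after **Run**, instead of being appended to the `go test` sentence, since the test run and the scans are separate actions with separate outcomes. Finally, say whether the scans run before or after **Cleanup**, because a temporary test file that is still present will be included in the scan results.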