Jason Woltje
af2e2b083d
Adds automated code quality and security review pipeline that runs on pull requests using OpenAI Codex with structured output schemas. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
107 lines
3.0 KiB
JSON
107 lines
3.0 KiB
JSON
{
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"summary": {
|
|
"type": "string",
|
|
"description": "Brief overall security assessment of the code changes"
|
|
},
|
|
"risk_level": {
|
|
"type": "string",
|
|
"enum": ["critical", "high", "medium", "low", "none"],
|
|
"description": "Overall security risk level"
|
|
},
|
|
"confidence": {
|
|
"type": "number",
|
|
"minimum": 0,
|
|
"maximum": 1,
|
|
"description": "Confidence score for the review (0-1)"
|
|
},
|
|
"findings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"severity": {
|
|
"type": "string",
|
|
"enum": ["critical", "high", "medium", "low"],
|
|
"description": "Vulnerability severity level"
|
|
},
|
|
"title": {
|
|
"type": "string",
|
|
"description": "Short title describing the vulnerability"
|
|
},
|
|
"file": {
|
|
"type": "string",
|
|
"description": "File path where the vulnerability was found"
|
|
},
|
|
"line_start": {
|
|
"type": "integer",
|
|
"description": "Starting line number"
|
|
},
|
|
"line_end": {
|
|
"type": "integer",
|
|
"description": "Ending line number"
|
|
},
|
|
"description": {
|
|
"type": "string",
|
|
"description": "Detailed explanation of the vulnerability"
|
|
},
|
|
"cwe_id": {
|
|
"type": "string",
|
|
"description": "CWE identifier if applicable (e.g., CWE-79)"
|
|
},
|
|
"owasp_category": {
|
|
"type": "string",
|
|
"description": "OWASP Top 10 category if applicable (e.g., A03:2021-Injection)"
|
|
},
|
|
"remediation": {
|
|
"type": "string",
|
|
"description": "Specific remediation steps to fix the vulnerability"
|
|
}
|
|
},
|
|
"required": [
|
|
"severity",
|
|
"title",
|
|
"file",
|
|
"line_start",
|
|
"line_end",
|
|
"description",
|
|
"cwe_id",
|
|
"owasp_category",
|
|
"remediation"
|
|
]
|
|
}
|
|
},
|
|
"stats": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"files_reviewed": {
|
|
"type": "integer",
|
|
"description": "Number of files reviewed"
|
|
},
|
|
"critical": {
|
|
"type": "integer",
|
|
"description": "Count of critical findings"
|
|
},
|
|
"high": {
|
|
"type": "integer",
|
|
"description": "Count of high findings"
|
|
},
|
|
"medium": {
|
|
"type": "integer",
|
|
"description": "Count of medium findings"
|
|
},
|
|
"low": {
|
|
"type": "integer",
|
|
"description": "Count of low findings"
|
|
}
|
|
},
|
|
"required": ["files_reviewed", "critical", "high", "medium", "low"]
|
|
}
|
|
},
|
|
"required": ["summary", "risk_level", "confidence", "findings", "stats"]
|
|
}
|