Repository security advisories #925
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This pull request adds new functionality to list security advisories for both individual repositories and entire organizations, expanding the existing security advisory tools beyond global advisories.
- Implements two new tools:
list_repository_security_advisoriesandlist_org_repository_security_advisories - Adds comprehensive test coverage for both new functions with various scenarios including success cases and error handling
- Updates documentation to include the new tools in the README
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/github/tools.go | Registers the two new security advisory tools in the default toolset |
| pkg/github/security_advisories.go | Implements the core logic for listing repository and organization security advisories |
| pkg/github/security_advisories_test.go | Adds comprehensive test suites for both new functions |
| README.md | Documents the new tools with their parameters and descriptions |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
jurre
force-pushed
the
jurre/security-advisories
branch
from
ea3f02b to
64030f7
Compare
jurre
force-pushed
the
jurre/repo-security-advisories
branch
from
0fedb62 to
b5ecdb6
Compare
jurre
force-pushed
the
jurre/repo-security-advisories
branch
from
b5ecdb6 to
a9bcac5
Compare
tommaso-moro
approved these changes
Aug 21, 2025
ipapapa
pushed a commit
to ipapapa/github-mcp-server
that referenced
this pull request
Aug 28, 2025
* Add support for listing repo level security advisories * Add support for listing repo security advisories at the org level
LuluBeatson
added a commit
that referenced
this pull request
Sep 4, 2025
* docs: Add Google Gemini CLI installation guide and integration - Add comprehensive installation guide for Google Gemini CLI - Include Docker and binary configuration options - Add authentication setup for Gemini API and Vertex AI - Update main README.md to include Gemini CLI in installation guides - Update installation guides index with Gemini CLI entry and support matrix - Follow established documentation patterns and security best practices * Fix Gemini CLI command syntax and add remote server method - Replace all 'gemini-cli' commands with correct 'gemini' syntax - Fix verification commands to use '/mcp list' and '/tools' prompts - Add httpUrl remote server method as primary configuration option - Update config file paths from settings.json to config.json - Correct npx installation command syntax - Add link to official Gemini CLI documentation Addresses feedback from soisyourface in PR review. * Emphasize official Gemini CLI documentation link Reduce detailed installation steps and direct users to official docs for up-to-date instructions, addressing reviewer feedback about maintainability. * Fix Gemini CLI configuration file name: config.json -> settings.json The correct configuration file for Gemini CLI is settings.json, not config.json. This applies to both global (~/.gemini/settings.json) and project-specific (.gemini/settings.json) configurations as confirmed by official documentation. * Remove Gemini CLI installation and authentication sections Removed lines 11-41 containing Gemini CLI installation commands and authentication setup instructions. * Add Podman as Docker alternative in prerequisites Added Podman as container engine option alongside Docker. * Remove references to deprecated npm package * Add comprehensive ~/.gemini/.env file example * Fix authorization header to use literal token placeholder Environment variable substitution in headers is not yet supported by Gemini CLI (see google-gemini/gemini-cli#5282). * Add issue types (#869) * feat: add type to issues * test: add `type` test for create and update issues * Generate docs and toolsnaps * Update pkg/github/issues.go Co-authored-by: Copilot <[email protected]> * Use github ptr --------- Co-authored-by: Pranav RK <[email protected]> Co-authored-by: Pranav RK <[email protected]> Co-authored-by: Alon Kenneth <[email protected]> Co-authored-by: Copilot <[email protected]> * Enable Dependabot (#654) * Create/Update dependabot.yaml * Apply suggestion from @Copilot Co-authored-by: Copilot <[email protected]> --------- Co-authored-by: Copilot <[email protected]> * Bump SDK version to 0.36.0 (#863) * Use server.ServerResourceTemplate and server.ServerPrompt wrappers (#886) * Update "Close inactive issues" workflow to close issues after 180 days of inactivity (#909) * update PR_DAYS_BEFORE_STALE * update to mark as stale after 60 days * Update Claude MCP install guide after testing (#706) * Revise Claude installation guide - Verified Claude Code installation steps - Identified and documented issues with Claude Desktop setup - Updated installation documentation based on testing * Revise instructions for opening Claude Code Updated recommendations for opening Claude Code. * Update docs/installation-guides/install-claude.md Co-authored-by: Copilot <[email protected]> * Update docs/installation-guides/install-claude.md Co-authored-by: Copilot <[email protected]> * Update installation guide for Claude setup Added installation option for using Claude Code using a release binary. * Change section title for Go Binary installation Updated section title for clarity regarding installation without Docker. * Close double quote in bash command --------- Co-authored-by: Copilot <[email protected]> Co-authored-by: LuluBeatson <[email protected]> Co-authored-by: Matt Holloway <[email protected]> Co-authored-by: Tommaso Moro <[email protected]> * Add actions job log buffer and profiler (#866) * add sliding window for actions logs * refactor: fix sliding * remove trim content * only use up to 1mb of memory for logs * update to tail lines in second pass * add better memory usage calculation * increase window size to 5MB * update test * update vers * undo vers change * add incremental memory tracking * use ring buffer * remove unused ctx param * remove manual GC clear * fix cca feedback * extract ring buffer logic to new package * handle log content processing errors and use correct param for maxjobloglines * fix tailing * account for if tailLines exceeds window size * add profiling thats reusable * remove profiler testing * refactor profiler: introduce safeMemoryDelta for accurate memory delta calculations * linter fixes * Update pkg/buffer/buffer.go Co-authored-by: Copilot <[email protected]> * use flag for maxJobLogLines * add param passing for context window size * refactor: rename contextWindowSize to contentWindowSize for consistency * fix: use tailLines if bigger but only if <= 5000 * fix: limit tailLines to a maximum of 500 for log content download * Update cmd/github-mcp-server/main.go Co-authored-by: Adam Holt <[email protected]> * Update cmd/github-mcp-server/main.go Co-authored-by: Adam Holt <[email protected]> * move profiler to internal/ * update actions test with new profiler location * fix: adjust buffer size limits * make line buffer 1028kb * fix mod path * change test to use same buffer size as normal use * improve test for non-sliding window implementation to not count empty lines * make test memory measurement more accurate * remove impossible conditional --------- Co-authored-by: Copilot <[email protected]> Co-authored-by: Adam Holt <[email protected]> * Add get_release_by_tag tool (#938) * add get_release_by_tag tool * add tool * add tests * autogen * remove comment * docs(readme): Update readme to point to correct installation guides index (#892) * docs(readme): Update readme to point to correct installation guides index * feat(contributors): add list_repository_contributors tool * Revert "feat(contributors): add list_repository_contributors tool" This reverts commit ece480e. --------- Co-authored-by: Tommaso Moro <[email protected]> * Add Global Security Advisories Toolset (#919) * Repository security advisories (#925) * Add support for listing repo level security advisories * Add support for listing repo security advisories at the org level * Update Cursor installation link (#940) * use new link * update local install link * Change role from "system" to "user" in prompt messages for `AssignCodingAgentPrompt` and `IssueToFixWorkflowPrompt`. Role "system" is not allowed by Claude Code in MCP provided prompt (allowed only role "user" and "assistant") (#941) Co-authored-by: 0xGosu <[email protected]> * Local MCP is supported * Refactor Gemini CLI install guide * Remove Bearer from Authorization header * Add reference to main README for latest config * Bearer needed for headers, add references * Add minimal response to CRUD tools, `repositories` and `search` toolsets (#988) * add comprehensive minimal response where appropriate * remove unneeded comments * remove incorrect diff param * update docs * rm comment * Update pkg/github/repositories.go Co-authored-by: Lulu <[email protected]> * update toolsnaps and docs * change minimal_output to use new OptionalBoolParamWithDefault * Update pkg/github/repositories.go Co-authored-by: Lulu <[email protected]> * refactor minimal conversion funcs to minimal_types.go * consolidate response structs and remove unneeded message field * consolidate response further * remove CloneURL field * Update pkg/github/repositories.go Co-authored-by: Copilot <[email protected]> * Update pkg/github/server.go Co-authored-by: Copilot <[email protected]> * fix undefined * change incorrect comment * remove old err var declaration * Update pkg/github/repositories.go Co-authored-by: Copilot <[email protected]> * fix syntax issue * update toolsnaps --------- Co-authored-by: Lulu <[email protected]> Co-authored-by: Copilot <[email protected]> * initial org repo create support (#1023) --------- Co-authored-by: JoannaaKL <[email protected]> Co-authored-by: Pranav RK <[email protected]> Co-authored-by: Pranav RK <[email protected]> Co-authored-by: Alon Kenneth <[email protected]> Co-authored-by: Copilot <[email protected]> Co-authored-by: Zack Koppert <[email protected]> Co-authored-by: Ksenia Bobrova <[email protected]> Co-authored-by: Tommaso Moro <[email protected]> Co-authored-by: Dimitrios Philliou <[email protected]> Co-authored-by: LuluBeatson <[email protected]> Co-authored-by: Matt Holloway <[email protected]> Co-authored-by: Adam Holt <[email protected]> Co-authored-by: Rebecca Biju <[email protected]> Co-authored-by: Jurre <[email protected]> Co-authored-by: 0xGosu <[email protected]> Co-authored-by: Lulu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request adds new functionality to list security advisories for both individual repositories and entire organizations, along with corresponding tests and documentation updates.
This builds on #919 and the PR is stacked against that, we can either merge it into that branch, or have it rebased against main when it lands.