Repository security advisories #925


Merged
jurre merged 2 commits into main from jurre/repo-security-advisories
Aug 21, 2025

jurre (Member) commented Aug 19, 2025 (edited)

This pull request adds new functionality to list security advisories for both individual repositories and entire organizations, along with corresponding tests and documentation updates. This builds on #919 and the PR is stacked against that, we can either merge it into that branch, or have it rebased against main when it lands.


jurre requested a review from a team as a code owner on August 19, 2025 11:18
Copilot AI review requested due to automatic review settings on August 19, 2025 11:18
jurre changed the title from "Jurre/repo security advisories" to "Repository security advisories" on Aug 19, 2025

Copilot AI (Contributor) left a comment

Pull Request Overview

This pull request adds new functionality to list security advisories for both individual repositories and entire organizations, expanding the existing security advisory tools beyond global advisories.

  • Implements two new tools: list_repository_security_advisories and list_org_repository_security_advisories
  • Adds comprehensive test coverage for both new functions with various scenarios including success cases and error handling
  • Updates documentation to include the new tools in the README

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| pkg/github/tools.go | Registers the two new security advisory tools in the default toolset |
| pkg/github/security_advisories.go | Implements the core logic for listing repository and organization security advisories |
| pkg/github/security_advisories_test.go | Adds comprehensive test suites for both new functions |
| README.md | Documents the new tools with their parameters and descriptions |


ahmedmhmdghazi-alt

This comment was marked as resolved.

tommaso-moro (Contributor) previously approved these changes on Aug 20, 2025

Lgtm! Great one 🚀

jurre force-pushed the jurre/security-advisories branch from ea3f02b to 64030f7 on August 21, 2025 09:42
jurre force-pushed the jurre/repo-security-advisories branch from 0fedb62 to b5ecdb6 on August 21, 2025 10:11
Base automatically changed from jurre/security-advisories to main on August 21, 2025 10:48
jurre dismissed tommaso-moro's stale review on August 21, 2025 10:48

The base branch was changed.

jurre force-pushed the jurre/repo-security-advisories branch from b5ecdb6 to a9bcac5 on August 21, 2025 13:05
jurre merged commit d03072f into main on Aug 21, 2025
16 checks passed
jurre deleted the jurre/repo-security-advisories branch on August 21, 2025 13:20
ipapapa pushed a commit to ipapapa/github-mcp-server that referenced this pull request on Aug 28, 2025
* Add support for listing repo level security advisories
* Add support for listing repo security advisories at the org level
LuluBeatson added a commit that referenced this pull request on Sep 4, 2025
* docs: Add Google Gemini CLI installation guide and integration
- Add comprehensive installation guide for Google Gemini CLI
- Include Docker and binary configuration options
- Add authentication setup for Gemini API and Vertex AI
- Update main README.md to include Gemini CLI in installation guides
- Update installation guides index with Gemini CLI entry and support matrix
- Follow established documentation patterns and security best practices
* Fix Gemini CLI command syntax and add remote server method
- Replace all 'gemini-cli' commands with correct 'gemini' syntax
- Fix verification commands to use '/mcp list' and '/tools' prompts
- Add httpUrl remote server method as primary configuration option
- Update config file paths from settings.json to config.json
- Correct npx installation command syntax
- Add link to official Gemini CLI documentation
Addresses feedback from soisyourface in PR review.
* Emphasize official Gemini CLI documentation link
Reduce detailed installation steps and direct users to official docs for up-to-date instructions, addressing reviewer feedback about maintainability.
* Fix Gemini CLI configuration file name: config.json -> settings.json
The correct configuration file for Gemini CLI is settings.json, not config.json. This applies to both global (~/.gemini/settings.json) and project-specific (.gemini/settings.json) configurations as confirmed by official documentation.
* Remove Gemini CLI installation and authentication sections
Removed lines 11-41 containing Gemini CLI installation commands and authentication setup instructions.
* Add Podman as Docker alternative in prerequisites
Added Podman as container engine option alongside Docker.
* Remove references to deprecated npm package
* Add comprehensive ~/.gemini/.env file example
* Fix authorization header to use literal token placeholder
Environment variable substitution in headers is not yet supported by Gemini CLI (see google-gemini/gemini-cli#5282).
* Add issue types (#869)
* feat: add type to issues
* test: add `type` test for create and update issues
* Generate docs and toolsnaps
* Update pkg/github/issues.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Use github ptr
---------
Co-authored-by: Pranav RK <pranavrk7@gmail.com>
Co-authored-by: Pranav RK <39577726+radar07@users.noreply.github.com>
Co-authored-by: Alon Kenneth <11458012+akenneth@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Enable Dependabot (#654)
* Create/Update dependabot.yaml
* Apply suggestion from @Copilot
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Bump SDK version to 0.36.0 (#863)
* Use server.ServerResourceTemplate and server.ServerPrompt wrappers (#886)
* Update "Close inactive issues" workflow to close issues after 180 days of inactivity (#909)
* update PR_DAYS_BEFORE_STALE
* update to mark as stale after 60 days
* Update Claude MCP install guide after testing (#706)
* Revise Claude installation guide
- Verified Claude Code installation steps
- Identified and documented issues with Claude Desktop setup
- Updated installation documentation based on testing
* Revise instructions for opening Claude Code
Updated recommendations for opening Claude Code.
* Update docs/installation-guides/install-claude.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update docs/installation-guides/install-claude.md
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update installation guide for Claude setup
Added installation option for using Claude Code using a release binary.
* Change section title for Go Binary installation
Updated section title for clarity regarding installation without Docker.
* Close double quote in bash command
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: LuluBeatson <lulubeatson@github.com>
Co-authored-by: Matt Holloway <mattdholloway@github.com>
Co-authored-by: Tommaso Moro <37270480+tommaso-moro@users.noreply.github.com>
* Add actions job log buffer and profiler (#866)
* add sliding window for actions logs
* refactor: fix sliding
* remove trim content
* only use up to 1mb of memory for logs
* update to tail lines in second pass
* add better memory usage calculation
* increase window size to 5MB
* update test
* update vers
* undo vers change
* add incremental memory tracking
* use ring buffer
* remove unused ctx param
* remove manual GC clear
* fix cca feedback
* extract ring buffer logic to new package
* handle log content processing errors and use correct param for maxjobloglines
* fix tailing
* account for if tailLines exceeds window size
* add profiling thats reusable
* remove profiler testing
* refactor profiler: introduce safeMemoryDelta for accurate memory delta calculations
* linter fixes
* Update pkg/buffer/buffer.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* use flag for maxJobLogLines
* add param passing for context window size
* refactor: rename contextWindowSize to contentWindowSize for consistency
* fix: use tailLines if bigger but only if <= 5000
* fix: limit tailLines to a maximum of 500 for log content download
* Update cmd/github-mcp-server/main.go
Co-authored-by: Adam Holt <omgitsads@github.com>
* Update cmd/github-mcp-server/main.go
Co-authored-by: Adam Holt <omgitsads@github.com>
* move profiler to internal/
* update actions test with new profiler location
* fix: adjust buffer size limits
* make line buffer 1028kb
* fix mod path
* change test to use same buffer size as normal use
* improve test for non-sliding window implementation to not count empty lines
* make test memory measurement more accurate
* remove impossible conditional
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Adam Holt <omgitsads@github.com>
* Add get_release_by_tag tool (#938)
* add get_release_by_tag tool
* add tool
* add tests
* autogen
* remove comment
* docs(readme): Update readme to point to correct installation guides index (#892)
* docs(readme): Update readme to point to correct installation guides index
* feat(contributors): add list_repository_contributors tool
* Revert "feat(contributors): add list_repository_contributors tool"
This reverts commit ece480e.
---------
Co-authored-by: Tommaso Moro <37270480+tommaso-moro@users.noreply.github.com>
* Add Global Security Advisories Toolset (#919)
* Repository security advisories (#925)
* Add support for listing repo level security advisories
* Add support for listing repo security advisories at the org level
* Update Cursor installation link (#940)
* use new link
* update local install link
* Change role from "system" to "user" in prompt messages for `AssignCodingAgentPrompt` and `IssueToFixWorkflowPrompt`. Role "system" is not allowed by Claude Code in MCP provided prompt (allowed only role "user" and "assistant") (#941)
Co-authored-by: 0xGosu <0xGosu@gmail.com>
* Local MCP is supported
* Refactor Gemini CLI install guide
* Remove Bearer from Authorization header
* Add reference to main README for latest config
* Bearer needed for headers, add references
* Add minimal response to CRUD tools, `repositories` and `search` toolsets (#988)
* add comprehensive minimal response where appropriate
* remove unneeded comments
* remove incorrect diff param
* update docs
* rm comment
* Update pkg/github/repositories.go
Co-authored-by: Lulu <59149422+LuluBeatson@users.noreply.github.com>
* update toolsnaps and docs
* change minimal_output to use new OptionalBoolParamWithDefault
* Update pkg/github/repositories.go
Co-authored-by: Lulu <59149422+LuluBeatson@users.noreply.github.com>
* refactor minimal conversion funcs to minimal_types.go
* consolidate response structs and remove unneeded message field
* consolidate response further
* remove CloneURL field
* Update pkg/github/repositories.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update pkg/github/server.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix undefined
* change incorrect comment
* remove old err var declaration
* Update pkg/github/repositories.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix syntax issue
* update toolsnaps
---------
Co-authored-by: Lulu <59149422+LuluBeatson@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* initial org repo create support (#1023)
---------
Co-authored-by: JoannaaKL <joannaakl@github.com>
Co-authored-by: Pranav RK <pranavrk7@gmail.com>
Co-authored-by: Pranav RK <39577726+radar07@users.noreply.github.com>
Co-authored-by: Alon Kenneth <11458012+akenneth@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Zack Koppert <zkoppert@github.com>
Co-authored-by: Ksenia Bobrova <almaleksia@github.com>
Co-authored-by: Tommaso Moro <37270480+tommaso-moro@users.noreply.github.com>
Co-authored-by: Dimitrios Philliou <d1m1tr10s@github.com>
Co-authored-by: LuluBeatson <lulubeatson@github.com>
Co-authored-by: Matt Holloway <mattdholloway@github.com>
Co-authored-by: Adam Holt <omgitsads@github.com>
Co-authored-by: Rebecca Biju <113070179+beccccaboo@users.noreply.github.com>
Co-authored-by: Jurre <jurre@github.com>
Co-authored-by: 0xGosu <0xGosu@gmail.com>
Co-authored-by: Lulu <59149422+LuluBeatson@users.noreply.github.com>
nickytonline pushed a commit to nickytonline/github-mcp-http that referenced this pull request on Oct 4, 2025
* Add support for listing repo level security advisories
* Add support for listing repo security advisories at the org level
nickytonline pushed a commit to nickytonline/github-mcp-http that referenced this pull request on Oct 4, 2025
…b#757)