Summary
security/report-policy.json controls PR comments (prComment) and nightly rollup issues (nightlyIssue), but there is no dedicated operator doc—only the JSON and workflow references.
Scope (good first issue)
- Add docs/REPORT_POLICY.md (or a clearly named equivalent) that explains:
  - prComment: enabled, mode (always / actionable / new_findings), header
  - nightlyIssue: enabled, mode, rollupTitle, rollupLabel, labels
  - Where workflows read this file (dast-pr.yml, dast-nightly.yml)
- Cross-link from docs/QUICK_START.md or the README Documentation table.
Acceptance criteria
- New doc is accurate vs the current JSON schema and workflows.
- At least one existing doc links to it.
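Since the acceptance criteria require the doc to match the actual JSON schema, a small schema check is a useful companion to it. The following is an added example, not code from the project: it validates a report-policy file against the keys listed in this issue. The value types (booleans for enabled, strings for header/rollupTitle/rollupLabel, a list of strings for labels) and the assumption that nightlyIssue.mode takes the same three values as prComment.mode are inferred from the key names here, not confirmed by the project; the sample policies are constructed for illustration.

```python
import json

# Assumed schema, reconstructed from the issue text (not the project's own validator).
# Types are inferred from the key names; adjust if docs/REPORT_POLICY.md says otherwise.
MODES = {"always", "actionable", "new_findings"}   # listed for prComment.mode; assumed shared
SCHEMA = {
    "prComment":    {"enabled": bool, "mode": str, "header": str},
    "nightlyIssue": {"enabled": bool, "mode": str, "rollupTitle": str,
                     "rollupLabel": str, "labels": list},
}


def validate_policy(policy: dict) -> list[str]:
    """Return a list of human-readable problems; an empty list means the policy is valid."""
    errors: list[str] = []
    for section, fields in SCHEMA.items():
        block = policy.get(section)
        if not isinstance(block, dict):
            errors.append(f"{section}: missing or not an object")
            continue
        for key, typ in fields.items():
            if key not in block:
                errors.append(f"{section}.{key}: missing")
            elif not isinstance(block[key], typ):
                errors.append(f"{section}.{key}: expected {typ.__name__}")
        # mode is an enum, so a type check alone is not enough
        if "mode" in block and block["mode"] not in MODES:
            errors.append(f"{section}.mode: must be one of {sorted(MODES)}")
        # unknown keys usually mean a typo that the workflow would silently ignore
        for key in block:
            if key not in fields:
                errors.append(f"{section}.{key}: unknown key")
    nightly = policy.get("nightlyIssue")
    if isinstance(nightly, dict) and isinstance(nightly.get("labels"), list):
        if not all(isinstance(label, str) for label in nightly["labels"]):
            errors.append("nightlyIssue.labels: every entry must be a string")
    return errors


def validate_policy_text(text: str) -> list[str]:
    """Parse the JSON text first so a syntax error is reported instead of raising."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(policy, dict):
        return ["top level must be an object"]
    return validate_policy(policy)


# Constructed sample policies (not the project's actual security/report-policy.json).
VALID_POLICY = json.dumps({
    "prComment": {"enabled": True, "mode": "actionable", "header": "DAST findings"},
    "nightlyIssue": {"enabled": True, "mode": "new_findings",
                     "rollupTitle": "Nightly DAST rollup", "rollupLabel": "dast-nightly",
                     "labels": ["security", "dast"]},
})
BROKEN_POLICY = json.dumps({
    "prComment": {"enabled": "yes", "mode": "sometimes", "header": "DAST findings"},
    "nightlyIssue": {"enabled": True, "mode": "always", "rollupTitle": "Nightly DAST rollup",
                     "rollupLabel": "dast-nightly", "labels": ["dast", 42], "extra": 1},
})

if __name__ == "__main__":
    for name, text in (("valid", VALID_POLICY), ("broken", BROKEN_POLICY)):
        print(name, validate_policy_text(text) or "ok")
```

Running the module prints "ok" for the first sample and four problems for the second (a non-boolean enabled, an unknown mode, a non-string label and an unknown key); pointing `validate_policy_text` at the contents of security/report-policy.json gives a quick check that the file and the new doc agree.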