Review Jit Ignore and Accept

Notify your Security team when someone ignores a Jit vulnerability report and accepts the risk.

Label Jit Alerts

Configuration Description

Conditions (all must be true):

Someone ignores and accepts a Jit finding

Automation Actions:

Request review from the organization’s security team.
Label the PR to indicate someone accepted the risk of a Jit security alert.
Post a comment explaining why this action was taken.

Review Jit Ignore and Accept

# -*- mode: yaml -*-

manifest:
  version: 1.0

automations:
  review_jit_ignore_accept:
    if:
      - {{ pr.conversations | reject(attr='commenter', term='jit-ci') | filter(attr='content', term='#jit_ignore_accept') | some }}
    run:

      - action: add-reviewers@v1
        args:
          reviewers: [my-organziation/security]
      - action: add-label@v1
        args:
          label: '❕ Jit: Ignore - Accept Risk'
      - action: add-comment@v1
        args:
          comment: |
            The security team has been assigned for optional review because this PR ignores a Jit alert and accepts the associated risks.

jit: {{ pr | extractJitFindings }}

Download this example as a CM file.