
Make SkillSpector advisory + only scan changed skills#68

Merged: danielholanda merged 2 commits into main from dholanda/spector_advisory on Jun 18, 2026
@danielholanda (Collaborator)

Two quick changes to SkillSpector CI:

  • Only scan what changed. Instead of re-scanning every skill on every run, the discovery job now diffs against the base and picks only the skills that actually changed. If the scanning machinery itself changes (the workflow, gate, or allowlist), it scans everything.

  • Advisory only: no more blocking. SkillSpector findings no longer fail CI. When a skill has un-allowlisted HIGH/CRITICAL findings (or the scan errors), we raise a ::warning:: annotation + a job-summary entry so it's clearly flagged on the PR, but the check stays green and the merge isn't blocked. It only goes red on a genuine infra crash (runner/setup failure). This is the same strategy used by similar repos.

danielholanda self-assigned this Jun 18, 2026
danielholanda merged commit e8dd638 into main Jun 18, 2026
17 checks passed
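
The two behaviours described in the PR, sketched as an added example (not code from this PR or repository). The `skills/<name>/` layout, the three machinery paths, and the function names `is_machinery`, `select_skills` and `advise` are assumptions for illustration; `::warning` and `GITHUB_STEP_SUMMARY` are standard GitHub Actions features.

```shell
#!/bin/sh
# Hypothetical layout: skills live under skills/<name>/ and the scanning
# machinery (workflow, gate, allowlist) is the three paths below.
is_machinery() {
  case "$1" in
    .github/workflows/skillspector.yml|ci/gate.py|ci/allowlist.yml) return 0 ;;
    *) return 1 ;;
  esac
}

# Reads changed paths on stdin, one per line (for example the output of
# `git diff --name-only "$BASE"...HEAD`). Prints ALL when the machinery
# itself changed, otherwise the sorted, de-duplicated changed skill names.
select_skills() {
  skills=""
  while IFS= read -r f; do
    if is_machinery "$f"; then
      echo ALL
      return 0
    fi
    case "$f" in
      skills/*/*)
        name=${f#skills/}   # drop the leading directory
        name=${name%%/*}    # keep only the skill's own directory name
        skills="$skills$name
" ;;
    esac
  done
  printf '%s' "$skills" | sort -u
}

# Advisory reporting: $1 = skill, $2 = count of un-allowlisted HIGH/CRITICAL
# findings. Flags the skill on the PR but always returns 0, so the check
# stays green and only a real runner/setup failure turns the job red.
advise() {
  [ "$2" -gt 0 ] || return 0
  echo "::warning title=SkillSpector::$1: $2 un-allowlisted HIGH/CRITICAL finding(s)"
  echo "- $1: $2 un-allowlisted HIGH/CRITICAL finding(s)" >> "${GITHUB_STEP_SUMMARY:-/dev/null}"
  return 0
}

# Constructed sample input: two files in one skill plus an unrelated file.
select_skills <<'EOF'
skills/pdf-tools/SKILL.md
skills/pdf-tools/scripts/run.py
README.md
EOF
advise pdf-tools 2
```

Because findings no longer gate the merge, the warning annotation and job summary are the only signal a reviewer gets, so they need to be read on every PR that touches a skill.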