Conversation

@jonathandavies-CS (Contributor)

No description provided.

@ianmiell ianmiell requested a review from Copilot September 16, 2025 08:31
Contributor

Copilot AI left a comment


Pull Request Overview

This PR adds support for defining a security team name in the Dependabot plugin configuration, enabling the collection of security team members for policy evaluation. The changes extend the plugin to fetch team membership data when a security team is configured.

  • Adds SecurityTeamName configuration field to specify which GitHub team represents the security team
  • Implements FetchSecurityTeamMembers function to retrieve team member data from GitHub API
  • Updates data structure to include security team members alongside Dependabot alerts for policy evaluation

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File: Description
main.go: Adds SecurityTeamName config field, implements team member fetching, and updates data structure to include security team members
main_integration_test.go: Adds integration test for the new FetchSecurityTeamMembers functionality and reorganizes imports
Makefile: Adds build tooling with OPA CLI validation and basic make targets for building and cleaning


jonathandavies-CS and others added 3 commits September 16, 2025 13:43
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@jonathandavies-CS jonathandavies-CS merged commit 06c7c7c into main Sep 16, 2025
1 check passed
@ianmiell ianmiell requested a review from Copilot September 16, 2025 16:21
Contributor

Copilot AI left a comment


Pull Request Overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.



}

func (l *DependabotPlugin) FetchSecurityTeamMembers(ctx context.Context) ([]*github.User, error) {
members, _, err := l.githubClient.Teams.ListTeamMembersBySlug(ctx, *l.config.Organization, *l.config.SecurityTeamName, nil)
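Review bot: passing `nil` as the options argument and discarding the response with `_` means only the first page of members is ever collected, so on a team larger than the API's default page size the members beyond the first page will never be treated as security team members during policy evaluation. Loop while the returned response reports a next page (setting the page number in the options on each iteration) and append each page's members, and return an error rather than a partial list if any page fails.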

Copilot AI Sep 16, 2025


Potential nil pointer dereference. The method dereferences l.config.Organization and l.config.SecurityTeamName without checking if they are nil, which could cause a panic if either field is not set.

repochan, errchan := l.FetchRepositories(ctx)

var securityTeamMembers []*github.User
if l.config.SecurityTeamName != nil && *l.config.SecurityTeamName != "" {
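Review bot: `FetchRepositories` is started before the security team lookup, so if the failure path of the team fetch returns early, the goroutine feeding `repochan` and `errchan` is left with no reader. Fetch the team members (or at least validate the configuration) before calling `FetchRepositories`, or make sure the failure path still drains both channels. The guard on this line also checks only `SecurityTeamName` while `FetchSecurityTeamMembers` dereferences `Organization` as well; validating both pointers in one place, ideally when the configuration is loaded, keeps the two call sites from drifting apart.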

Copilot AI Sep 16, 2025


Inconsistent nil checking. This code checks both SecurityTeamName and Organization for nil, but the FetchSecurityTeamMembers method at line 116 only checks SecurityTeamName for nil while still dereferencing Organization without validation.

Suggested change
if l.config.SecurityTeamName != nil && *l.config.SecurityTeamName != "" {
if l.config.SecurityTeamName != nil && *l.config.SecurityTeamName != "" && l.config.Organization != nil && *l.config.Organization != "" {

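Both Copilot comments above concern the unguarded pointer dereferences in FetchSecurityTeamMembers. The following is an added example, not code from this PR or from the plugin, showing one way to write the fetch so that the configuration is validated before anything is dereferenced and pagination is followed to the end. The User, ListOptions, Response and teamLister types are stand-ins defined here for the corresponding go-github types (an assumption about their shape, so the block compiles without the library); the fakeTeams client and its member pages are constructed test data.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Stand-ins for the go-github types the plugin uses (assumption: the real
// ListTeamMembersBySlug returns the members, a response carrying the next
// page number, and an error).
type User struct{ Login string }

type ListOptions struct {
	Page    int
	PerPage int
}

type Response struct{ NextPage int } // 0 means there is no further page

// teamLister is the narrow slice of the GitHub client the fetch needs.
type teamLister interface {
	ListTeamMembersBySlug(ctx context.Context, org, slug string, opts *ListOptions) ([]*User, *Response, error)
}

// Config mirrors the pointer-typed configuration fields seen in the PR.
type Config struct {
	Organization     *string
	SecurityTeamName *string
}

// FetchSecurityTeamMembers rejects missing or empty configuration up front
// (no nil dereference is possible past these checks) and walks every page
// so a team larger than one page is collected completely.
func FetchSecurityTeamMembers(ctx context.Context, client teamLister, cfg Config) ([]*User, error) {
	if cfg.Organization == nil || *cfg.Organization == "" {
		return nil, errors.New("dependabot plugin: Organization is not configured")
	}
	if cfg.SecurityTeamName == nil || *cfg.SecurityTeamName == "" {
		return nil, errors.New("dependabot plugin: SecurityTeamName is not configured")
	}

	var all []*User
	opts := &ListOptions{PerPage: 100}
	for {
		members, resp, err := client.ListTeamMembersBySlug(ctx, *cfg.Organization, *cfg.SecurityTeamName, opts)
		if err != nil {
			// A partial member list would silently shrink the security team,
			// so fail the whole fetch instead of returning what was gathered.
			return nil, fmt.Errorf("listing members of team %q in %q: %w", *cfg.SecurityTeamName, *cfg.Organization, err)
		}
		all = append(all, members...)
		if resp == nil || resp.NextPage == 0 {
			return all, nil
		}
		opts.Page = resp.NextPage
	}
}

// fakeTeams is a constructed in-memory client that serves one team split
// across several pages, so the pagination path can be exercised offline.
type fakeTeams struct {
	org, slug string
	pages     [][]*User
}

func (f *fakeTeams) ListTeamMembersBySlug(_ context.Context, org, slug string, opts *ListOptions) ([]*User, *Response, error) {
	if org != f.org || slug != f.slug {
		return nil, nil, fmt.Errorf("team %s/%s not found", org, slug)
	}
	page := opts.Page
	if page == 0 {
		page = 1
	}
	if page > len(f.pages) {
		return nil, &Response{}, nil
	}
	resp := &Response{}
	if page < len(f.pages) {
		resp.NextPage = page + 1
	}
	return f.pages[page-1], resp, nil
}

func strPtr(s string) *string { return &s }

func main() {
	// Constructed sample: a three-member team served over two pages.
	client := &fakeTeams{org: "example-org", slug: "security",
		pages: [][]*User{{{Login: "alice"}, {Login: "bob"}}, {{Login: "carol"}}}}
	cfg := Config{Organization: strPtr("example-org"), SecurityTeamName: strPtr("security")}
	members, err := FetchSecurityTeamMembers(context.Background(), client, cfg)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, m := range members {
		fmt.Println(m.Login)
	}
}
```

Taking the client as a small interface rather than the concrete GitHub client is what lets the pagination and validation paths be tested without network access; the real client satisfies it as long as the method signature matches.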