Campaign: Security Alert Burndown #10857

@mnkiefer

Description

Original prompt

Write a campaign that burns down the code security alerts backlog. Focus on file write issues first, cluster alerts if possible (up to 3), and add comments to generated code for fixes. Use Claude for codegen, Copilot for campaign manager.


Campaign Created: Security Alert Burndown

A new campaign has been generated to systematically address the code security alerts backlog.

Campaign Details

Selected Workflows

  1. code-scanning-fixer - Creates pull requests with security fixes for high-severity alerts (runs every 30m)
  2. security-fix-pr - Submits autofixes to GitHub Code Scanning (runs every 4h)

Strategy

The campaign uses a multi-pronged approach:

  • Prioritization: High-severity alerts first, with file write vulnerabilities ahead of other alert types
  • Clustering: Groups up to 3 related alerts per PR when they share the same file, alert type and remediation
  • Code Generation: Uses Claude to generate the fix code
  • Quality: Every fix is submitted as a pull request for review, with the change fully documented in the PR
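The prioritization and clustering rules above, written out as a runnable shell pipeline. This is an added example, not output of the campaign generator and not code from the code-scanning-fixer or security-fix-pr workflows. The function names (prioritize_and_cluster, sample_alerts), the TSV layout and the rule that an alert counts as a "file write" issue when its rule id contains "file-write" or "path-injection" are assumptions made for the example; the severity names are the four GitHub code scanning levels. The sample alerts are constructed, not real.

```sh
#!/bin/sh
# Added example (not from the campaign generator or the fixer workflows):
# apply the campaign's prioritisation and clustering rules to alerts.
#   input  columns (TSV): alert_number  severity  file  rule_id  remediation
#   output columns (TSV): cluster_id    alert_number  file  rule_id
# Assumption: a "file write" alert is one whose rule_id contains
# "file-write" or "path-injection"; adjust the pattern to your rule set.

TAB=$(printf '\t')

# Usage: ... | prioritize_and_cluster
# Step 1 tags each alert with a priority (file write rules first) and a
#        severity rank so that sort(1) can order them numerically.
# Step 2 sorts: highest priority first, then related alerts adjacent
#        (same file, rule and remediation), then by alert number.
# Step 3 walks the sorted list: alerts sharing file, rule and remediation
#        join the current cluster until it holds 3, then a new one starts.
prioritize_and_cluster() {
    awk -F'\t' 'BEGIN { OFS = "\t" }
    {
        prio = ($4 ~ /file-write|path-injection/) ? 0 : 1
        rank = 3
        if ($2 == "critical") rank = 0
        else if ($2 == "high") rank = 1
        else if ($2 == "medium") rank = 2
        print prio, rank, $3, $4, $5, $1
    }' |
    sort -t "$TAB" -k1,1n -k2,2n -k3,3 -k4,4 -k5,5 -k6,6n |
    awk -F'\t' 'BEGIN { OFS = "\t"; prev = ""; n = 0; c = 0 }
    {
        key = $3 FS $4 FS $5
        if (key != prev || n == 3) { c++; n = 0; prev = key }
        n++
        print c, $6, $3, $4
    }'
}

# Constructed sample input, not real alerts: four path-injection alerts in
# one file (more than one cluster's worth), a critical alert elsewhere,
# and two SQL injection alerts that share a remediation.
sample_alerts() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        101 high     src/upload.js js/path-injection        'sanitize path' \
        102 medium   src/db.js     js/sql-injection         'parameterize query' \
        103 high     src/upload.js js/path-injection        'sanitize path' \
        104 high     src/upload.js js/path-injection        'sanitize path' \
        105 high     src/upload.js js/path-injection        'sanitize path' \
        106 critical src/auth.js   js/hardcoded-credentials 'move to secret' \
        107 medium   src/db.js     js/sql-injection         'parameterize query'
}

# Try it: sample_alerts | prioritize_and_cluster
```

Run on the sample, the four path-injection alerts become cluster 1 (101, 103, 104) and cluster 2 (105): the cap of 3 splits them even though they are all "related". The critical credentials alert is cluster 3, and the two SQL injection alerts land together in cluster 4. To feed real alerts, build the TSV from `gh api --paginate /repos/OWNER/REPO/code-scanning/alerts` with jq over `.number`, `.rule.security_severity_level`, `.most_recent_instance.location.path` and `.rule.id`; the remediation column has no API counterpart and must come from whatever the fixer assigns (assumption for this example).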

Files Created

  • .github/workflows/security-alert-burndown.campaign.md - Campaign specification

Handoff to Copilot Coding Agent

Task: Compile and Finalize Campaign

Please compile the campaign specification and prepare it for deployment.

Required Steps

  1. Compile the campaign:

    gh aw compile security-alert-burndown
  2. Verify compilation:

    • Check that .github/workflows/security-alert-burndown.campaign.g.md was generated
    • Check that .github/workflows/security-alert-burndown.campaign.lock.yml was created
    • Ensure no compilation errors occurred
  3. Update project URL:

    • Once you have access to the project URL from the workflow context, update the project-url field in .github/workflows/security-alert-burndown.campaign.md
    • The format should be: https://github.com/orgs/githubnext/projects/[NUMBER]
  4. Commit the files:

    git add .github/workflows/security-alert-burndown.campaign.md
    git add .github/workflows/security-alert-burndown.campaign.g.md
    git add .github/workflows/security-alert-burndown.campaign.lock.yml
    git commit -m "Add Security Alert Burndown campaign
    
    - Campaign focuses on burning down security alerts backlog
    - Prioritizes file write vulnerabilities
    - Clusters up to 3 related alerts per fix
    - Uses code-scanning-fixer and security-fix-pr workflows
    
    Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"
  5. Create pull request:

    gh pr create --title "Campaign: Security Alert Burndown" \
      --body "## Summary
    
    This PR adds a new campaign to systematically address the code security alerts backlog.
    
    **Campaign ID**: security-alert-burndown
    **Workflows**: code-scanning-fixer, security-fix-pr
    **Risk Level**: High
    
    ## Strategy
    
    - Prioritizes high-severity alerts, especially file write issues
    - Clusters up to 3 related alerts when possible
    - Uses Claude for code generation and Copilot for orchestration
    - All fixes go through PR review with full documentation
    
    ## Files
    
    - ✅ Campaign specification (.campaign.md)
    - ✅ Generated campaign file (.campaign.g.md)
    - ✅ Compiled lock file (.campaign.lock.yml)
    
    ## Test Plan
    
    - [x] \`gh aw compile security-alert-burndown\` succeeds
    - [x] Lock file is valid YAML
    - [ ] Campaign workflows execute successfully
    - [ ] Project board is properly configured
    
    🤖 Generated with Campaign Generator workflow"

Acceptance Checklist

  • gh aw compile security-alert-burndown completes successfully
  • .campaign.g.md file is generated
  • .campaign.lock.yml file is created and valid
  • Project URL is updated in campaign spec (if available)
  • All files are committed to a new branch
  • Pull request is created with complete description
  • No compilation errors or warnings
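A script that checks the compile/verify steps of the handoff and the acceptance checklist locally, so the coding agent (or a human) can confirm the artifacts before committing. This is an added example, not gh-aw's own code and not part of the campaign generator output. It assumes that the compiled .campaign.lock.yml is a GitHub Actions workflow (so it must carry top-level `on:` and `jobs:` keys; this is the only "valid YAML" check performed, not a full parse) and that project-url is a key in the .campaign.md front matter; verify_campaign_artifacts, check_project_url and compile_and_verify are names chosen for the example. The files written in the usage test are constructed stand-ins for the real artifacts.

```sh
#!/bin/sh
# Added example (not from the gh-aw project or the campaign generator):
# local checks for the compile/verify steps and the acceptance checklist.
# Assumptions: the compiled .campaign.lock.yml is a GitHub Actions workflow
# (top-level "on:" and "jobs:" keys), and project-url is a front matter key
# in the .campaign.md spec.

WORKFLOW_DIR=${WORKFLOW_DIR:-.github/workflows}

# Usage: check_project_url SPEC_FILE
# Returns 0 only when project-url holds a real org project URL, not the
# https://github.com/orgs/.../projects/[NUMBER] placeholder from step 3.
check_project_url() {
    grep -Eq '^project-url:[[:space:]]*https://github\.com/orgs/[^/[:space:]]+/projects/[0-9]+[[:space:]]*$' "$1"
}

# Usage: verify_campaign_artifacts NAME [DIR]
# Returns 0 when all three files exist and are non-empty and the lock file
# looks like a workflow. A missing project URL is reported but does not
# fail the check, matching the "(if available)" wording of the checklist.
verify_campaign_artifacts() {
    name=$1
    dir=${2:-$WORKFLOW_DIR}
    rc=0
    for suffix in campaign.md campaign.g.md campaign.lock.yml; do
        f="$dir/$name.$suffix"
        if [ ! -s "$f" ]; then
            echo "error: missing or empty: $f" >&2
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    lock="$dir/$name.campaign.lock.yml"
    # Assumption: a compiled lock file is a GitHub Actions workflow, so the
    # cheapest structural sanity check is that both mandatory keys exist.
    for key in 'on:' 'jobs:'; do
        if ! grep -q "^$key" "$lock"; then
            echo "error: $lock has no top-level $key" >&2
            rc=1
        fi
    done

    spec="$dir/$name.campaign.md"
    if ! check_project_url "$spec"; then
        echo "warning: project-url in $spec is unset or still a placeholder" >&2
    fi
    return "$rc"
}

# Usage: compile_and_verify NAME
# Runs the compile step from the handoff, then the checks above.
compile_and_verify() {
    gh aw compile "$1" || return 1
    verify_campaign_artifacts "$1"
}
```

Run `compile_and_verify security-alert-burndown` from the repository root before the `git add` step; a non-zero exit means one of the three files is missing or the lock file does not look like a workflow, and the warning line tells you whether step 3 (the project URL) is still outstanding.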

Additional Context

The campaign specification is located at:

  • .github/workflows/security-alert-burndown.campaign.md

It references two existing workflows:

  • .github/workflows/code-scanning-fixer.md (creates PRs every 30m)
  • .github/workflows/security-fix-pr.md (creates autofixes every 4h)

Both workflows use cache memory to coordinate and avoid duplicate work.

Metadata

  • Type: none
  • Projects: none
  • Milestone: none
  • Relationships: none yet
  • Development: no branches or pull requests