Workflow: .github/workflows/daily-security.yml
- npm run sync
- npm run whitelist:verify
- Find latest report in data/security-reports/*/report.json
- npm run quarantine:apply -- --report <latest>
- Open/update PR with whitelist and quarantine changes
- Entries that now fail policy are removed from whitelist.
- Failed entries are added to quarantine with reasons and timestamp.
- Recommendations/install flow treats quarantined IDs as blocked.
- Remove or reduce offending signals.
- Re-run verification locally.
- Open PR to remove from data/quarantine/quarantined.json and add back to whitelist.
- CODEOWNERS approval is required.
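
The quarantine behaviour described above (failing entries leave the whitelist, enter quarantine with reasons and a timestamp, and are then blocked at install time) can be sketched as follows. This is an added example, not the project's own code: the report and quarantine schemas, the sample IDs, and the function names `applyQuarantine` and `isInstallable` are assumptions.

```javascript
// Added example. Field names (results, id, passed, reasons, quarantinedAt)
// are assumed; the real report.json / quarantined.json layout may differ.

// Constructed sample report: one entry passes policy, one fails.
const sampleReport = {
  results: [
    { id: "entry-a", passed: true, reasons: [] },
    { id: "entry-b", passed: false, reasons: ["constructed policy failure"] },
  ],
};

// Remove every failing entry from the whitelist and record it in quarantine
// with its reasons and a timestamp. Inputs are not mutated.
function applyQuarantine(report, whitelist, quarantine, now = new Date()) {
  const failed = new Map(
    report.results.filter((r) => !r.passed).map((r) => [r.id, r.reasons])
  );
  const nextWhitelist = whitelist.filter((id) => !failed.has(id));

  // Key by ID so an entry that fails again is not listed twice; in this
  // sketch a repeat failure overwrites the earlier reasons and timestamp.
  const byId = new Map(quarantine.map((q) => [q.id, q]));
  for (const [id, reasons] of failed) {
    byId.set(id, { id, reasons, quarantinedAt: now.toISOString() });
  }
  return { whitelist: nextWhitelist, quarantine: [...byId.values()] };
}

// Install/recommendation gate: a quarantined ID is blocked even if a stale
// whitelist still contains it, so the check fails closed.
function isInstallable(id, whitelist, quarantine) {
  if (quarantine.some((q) => q.id === id)) return false;
  return whitelist.includes(id);
}

const result = applyQuarantine(sampleReport, ["entry-a", "entry-b"], []);
console.log(JSON.stringify(result, null, 2));
console.log("entry-b installable:",
  isInstallable("entry-b", ["entry-a", "entry-b"], result.quarantine));
```

Checking quarantine before the whitelist means the block still holds if the two files drift apart between the daily run and the PR merge.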