LabelSecurityAlert returns the IFC label for security findings: code scanning alerts, secret scanning alerts, and Dependabot alerts. Integrity is untrusted because alert payloads embed attacker-influenceable material — the offending code snippet, the matched secret string, or a vulnerable dependenc
```go
// can read them), so the reader set is narrow even for public repositories.
// Secret scanning results additionally surface the secret material itself.
func LabelSecurityAlert() SecurityLabel {
	return PrivateUntrusted()
}

// LabelGlobalSecurityAdvisory returns the IFC label for advisories served from
// the public GitHub Advisory Database (global advisories).
```
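
The following added example (not the project's code) shows what a private, untrusted label means for downstream flows. The `Label` and `Sink` types, `AlertLabel`, `Join`, `CheckFlow` and the three sinks are a simplified two-axis model constructed for illustration; they are assumptions, not the project's `SecurityLabel` implementation.

```go
package main

import "fmt"

// Label is a hypothetical two-axis IFC label, not the project's SecurityLabel.
type Label struct {
	Private   bool // confidentiality: narrow reader set
	Untrusted bool // integrity: content may be attacker-influenced
}

// AlertLabel models the private + untrusted label the page gives security alerts.
func AlertLabel() Label { return Label{Private: true, Untrusted: true} }

// Join labels data derived from both inputs: most restrictive on each axis.
func Join(a, b Label) Label {
	return Label{a.Private || b.Private, a.Untrusted || b.Untrusted}
}

// Sink is a constructed destination for labelled data.
type Sink struct {
	Name            string
	PublicReaders   bool // anyone can read what is written here
	RequiresTrusted bool // acting on the input is a privileged decision
}

// CheckFlow returns nil when data labelled l may flow into s.
func CheckFlow(l Label, s Sink) error {
	if l.Private && s.PublicReaders {
		return fmt.Errorf("%s: private data would reach public readers", s.Name)
	}
	if l.Untrusted && s.RequiresTrusted {
		return fmt.Errorf("%s: untrusted content would drive a trusted action", s.Name)
	}
	return nil
}

func main() {
	// A trusted, public input combined with alert content takes the alert's label.
	derived := Join(Label{}, AlertLabel())
	sinks := []Sink{
		{"public issue comment", true, false},
		{"privileged repository write", false, true},
		{"private triage note", false, false},
	}
	for _, s := range sinks {
		fmt.Printf("%-28s -> %v\n", s.Name, CheckFlow(derived, s))
	}
}
```

Only the private, non-privileged sink accepts the derived data; the other two are rejected on the confidentiality and integrity axes respectively.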