Skip to content

docs: llm06 mitigation example #9

docs: llm06 mitigation example

docs: llm06 mitigation example #9

name: Ads - Triage OWASP Top 10 LLM Apps Issues and PRs
on:
issues:
types:
- opened
- labeled
- reopened
pull_request:
types:
- opened
- labeled
- reopened
env:
BOARD_NAME: "OWASP Top 10 for LLM Applications"
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
ISSUE: ${{ github.event.issue.number }}
PROJECT_TECH_LEAD: "GangGreenTemperTatum"
LLM01_LEAD: "cybershujin"
LLM02_LEAD: "kenhuangus"
LLM03_LEAD: "jsotiro"
LLM04_LEAD: "GangGreenTemperTatum"
LLM05_LEAD: "GangGreenTemperTatum"
LLM06_LEAD: "rot169"
LLM07_LEAD: "vingiarrusso"
LLM08_LEAD: "xsankar"
LLM09_LEAD: "virtualsteve-star"
LLM10_LEAD: "GangGreenTemperTatum"
PR_LEAD: "faceplate27"
POSTMASTER: "TBC"
TRANSLATIONS: "talesh"
DATA_GATHERING: "emmanuelgjr"
DESIGN: "rossja"
DIAGRAMS: "GangGreenTemperTatum"
WEB_DEVS: "GangGreenTemperTatum"
SEC_GOVERNANCE: "subzer0girl2"
jobs:
welcomes:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
with:
script: |
const eventName = context.eventName;
if (eventName === 'issues') {
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '👋 Thanks for reporting! Please ensure labels are applied appropriately so that the workflow automation can triage this to the assigned member of the OWASP core team'
});
} else if (eventName === 'pull_request' && context.payload.action === 'opened') {
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '👋 Thanks for your pull request! Please ensure appropriate labels are applied for review routing.'
});
}
triage:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea #v7.0.1
with:
github-token: ${{ secrets.ADS_OWASP_LLM_APPS_REPO_TOKEN }}
script: |
try {
const issue = context.payload.issue;
const labels = issue.labels.map(label => label.name);
let assignees = [];
// Label-to-assignee mappings
const labelAssigneeMap = {
'bug': '${{ env.PROJECT_TECH_LEAD }}',
'extension': '${{ env.PROJECT_TECH_LEAD }}',
'llm-other': '${{ env.PROJECT_TECH_LEAD }}',
'diagram': '${{ env.PROJECT_TECH_LEAD }}',
'pdf': '${{ env.DESIGN }}',
'website': '${{ env.WEB_DEVS }}',
'llm-01': '${{ env.LLM01_LEAD }}',
'llm-02': '${{ env.LLM02_LEAD }}',
'llm-03': '${{ env.LLM03_LEAD }}',
'llm-04': '${{ env.LLM04_LEAD }}',
'llm-05': '${{ env.LLM05_LEAD }}',
'llm-06': '${{ env.LLM06_LEAD }}',
'llm-07': '${{ env.LLM07_LEAD }}',
'llm-08': '${{ env.LLM08_LEAD }}',
'llm-09': '${{ env.LLM09_LEAD }}',
'llm-10': '${{ env.LLM10_LEAD }}'
};
// Check labels and assign based on mappings
labels.forEach(label => {
if (labelAssigneeMap[label]) {
const assignee = labelAssigneeMap[label];
if (assignee && assignee !== 'TBC') {
assignees.push(assignee);
}
}
});
// Remove duplicates and empty values
assignees = [...new Set(assignees)].filter(Boolean);
if (assignees.length > 0) {
try {
await github.rest.issues.addAssignees({
issue_number: issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
assignees: assignees
});
console.log(`Successfully assigned to: ${assignees.join(', ')}`);
} catch (assignError) {
// Log the error but don't fail the workflow
console.log(`Warning: Could not assign some users. ${assignError.message}`);
// Try to add a comment to the issue
await github.rest.issues.createComment({
issue_number: issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `⚠️ Note: Some assignees could not be added. Please check if all usernames are valid.`
});
}
} else {
console.log('No valid assignees found for the given labels');
}
} catch (error) {
// Log error but don't fail the workflow
console.log(`Error in workflow: ${error.message}`);
}
env:
GITHUB_TOKEN: ${{ secrets.ADS_OWASP_LLM_APPS_REPO_TOKEN }}