Agentic AI Atlas · Open Source Security Disclosure
II.
Workflow JSON

workflow:open-source-security-disclosure


Open Source Security Disclosure json

Inspect the normalized record payload exactly as the atlas UI reads it.

File · workflows/workflows/workflows-deeper-domains.yaml
Cluster · workflows
Record JSON
{
  "id": "workflow:open-source-security-disclosure",
  "_kind": "Workflow",
  "_file": "workflows/workflows/workflows-deeper-domains.yaml",
  "_cluster": "workflows",
  "attributes": {
    "displayName": "Open Source Security Disclosure",
    "workflowKind": "operational",
    "triggerType": "event-driven",
    "typicalCadence": "per-vulnerability",
    "complexity": "cross-team",
    "description": "Manages responsible security-vulnerability disclosure for open-source\nprojects the organization maintains -- receiving and triaging inbound\nvulnerability reports through the security-contact channel, reproducing\nand severity-scoring reported vulnerabilities using CVSS, developing\npatches in private forks with minimal information leakage, coordinating\ndisclosure timelines with reporters and downstream distributors,\npreparing security advisories with CVE-ID assignment, releasing patched\nversions with coordinated announcement across mailing lists and GitHub\nadvisories, and conducting retrospective analysis to identify systemic\nvulnerability patterns. Produces security advisory, patched release, and\nvulnerability retrospective. Excludes ongoing security scanning.\n"
  },
  "outgoingEdges": [
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "role:security-reviewer",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "role:staff-engineer",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "role:devrel",
      "kind": "involves_role",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "skill-area:dependency-vulnerability-mgmt",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "skill-area:supply-chain-security",
      "kind": "requires_skill_area",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "domain:security",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "domain:software-engineering",
      "kind": "applies_to_domain",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "responsibility:security-review",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "responsibility:respond-incidents",
      "kind": "triggers_responsibility",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "org-unit:security-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "org-unit:open-source-program-office",
      "kind": "performed_by_org_unit",
      "attributes": {}
    },
    {
      "from": "workflow:open-source-security-disclosure",
      "to": "org-unit:application-security-team",
      "kind": "performed_by_org_unit",
      "attributes": {}
    }
  ],
  "incomingEdges": []
}