Skip to content

docs: add CI + CodeQL status badges to README#22

Merged
askalf merged 1 commit into
masterfrom
docs/ci-codeql-badges
Jul 12, 2026
Merged

docs: add CI + CodeQL status badges to README#22
askalf merged 1 commit into
masterfrom
docs/ci-codeql-badges

Conversation

@askalf

@askalf askalf commented Jul 12, 2026

Copy link
Copy Markdown
Owner

Adds CI (ci.yml) and CodeQL (codeql.yml) workflow status badges next to the existing OpenSSF Scorecard badge, so build + static-analysis health shows at a glance. Docs-only, no code change.

(Also serves as the live end-to-end test of the fleet reviewer's new approve-when-clean mode on this repo.)

The README already shows the OpenSSF Scorecard badge; add the CI (ci.yml) and
CodeQL (codeql.yml) workflow status badges next to it so the build + static
analysis health is visible at a glance alongside the supply-chain score.

@sprayberry-reviewer sprayberry-reviewer left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated review from the Sprayberry Labs fleet code reviewer — this review was submitted by the fleet's dedicated reviewer bot and counts as the repository's required automated approval.

Verdict: clean — no blocking findings. Approving.


What I checked

  • Diff surface: README.md only — 2 lines added, 0 deleted. Docs-only change; no source code, no workflow logic, no test surface affected.
  • Workflow existence: Confirmed both ci.yml and codeql.yml exist as registered GitHub Actions workflows in this repository (gh api repos/askalf/agent-security-stack/actions/workflows).
  • Badge URL structure: Both badge URLs follow the canonical GitHub Actions badge pattern:
    https://github.com/<owner>/<repo>/actions/workflows/<file>.badge.svg
    
    The owner (askalf), repo (agent-security-stack), and filenames (ci.yml, codeql.yml) all match.
  • Link targets: The clickable badge links correctly point to the workflow run pages for the same ci.yml and codeql.yml files — consistent with the badge source.
  • Placement: Inserted above the existing OpenSSF Scorecard badge — logical grouping of CI/security health indicators.
  • No security or logic concerns exist in a pure README badge addition.

Findings

None. Every element of this change is structurally correct and verifiable against the repository's actual workflow files.

What's good

Consistent badge style with the existing OpenSSF Scorecard entry. Adding CI and static-analysis status at a glance is a good practice for a security-focused repository.

@askalf askalf merged commit 6906ae5 into master Jul 12, 2026
3 checks passed
@askalf askalf deleted the docs/ci-codeql-badges branch July 12, 2026 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants