[detection-analysis] Detection Analysis Report — 2026-07-02 (last 24h) #42976
Closed
Replies: 1 comment
-
|
This discussion has been marked as outdated by Detection Analysis Report. A newer discussion is available at Discussion #43202. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
2026-07-01T13:00:00Z → 2026-07-02T13:00:00Zlogsfetch (start_date: -1d) hit the 60s gateway deadline; 87 runs with complete metadata (run_summary.json+aw_info.json) were analyzed. Observed runs span2026-07-02T10:11:23.608Z→2026-07-02T13:06:50.312Z.Warning
5 workflows were flagged with detection misconfigurations — see the section below.
Detection classification uses
features.gh-aw-detectionfrom each run'saw_info.json(present in 33 of 87 runs; absent → treated as Regular).Comparison Chart
Success rates are effectively identical (~90.5% vs ~90.9%). Detection-enabled runs show a much lower average token footprint (~23,158 vs ~70,839) — the Regular average is inflated by high-volume smoke tests (e.g. Smoke Copilot variants at 0.7M–1.4M tokens).
Misconfigured Workflows
gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— this workflow has >3 runs/window and should have threat detection on.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.gh-aw-detection: true— name indicates an audit/analysis/report workflow that should run threat detection.The most actionable case is Smoke CI — 4 runs, 0% success, with detection explicitly disabled. The remaining four are audit/analysis workflows whose names imply they should carry threat detection but currently do not.
View All Run Metrics (87 runs across 42 workflows)
Detection column: Yes =
gh-aw-detection: true; Off = explicitlyfalse; — = flag absent (treated as Regular).View Historical Trend (6 days: 2026-06-27 → 2026-07-02)
Detection-run volume has grown modestly (12→21 over the last two days) while detection success rate has held in the 80–95% band. (Trend covers 6 days; the 7-day threshold in the spec is nearly met — the line will fill in on the next run.)
Recommendations
gh-aw-detection— as an active, repeatedly-run workflow it should have detection enabled once green.gh-aw-detection: trueto Daily Agentic Workflow AIC Usage Audit, GitHub MCP Structural Analysis, Copilot Agent Prompt Clustering Analysis, and Typist - Go Type Analysis — these read/analyze repo content and are natural threat-detection candidates.detectionjob successfully — no type-3 issues this window.References:
Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
awmgmcpgSee Network Configuration for more information.
Beta Was this translation helpful? Give feedback.
All reactions