security-cve-allocate

Walk a security team member through allocating a CVE for an <tracker> tracking issue. Prints the ASF Vulnogram allocation URL and a CVE-ready title (the issue title stripped of redundant `<vendor>: <product>:` (e.g. `Apache Airflow:`), `[ Security Report ]`, trailing version parens and similar noise), waits for the allocated CVE ID (allocation is PMC-gated — non-PMC triagers relay to a PMC member), and then updates the tracker in place: fills in the *CVE tool link* field, adds the `cve allocated` label, posts a collapsed status-change comment, and runs `generate-cve-json --attach` to embed the paste-ready JSON in the body. Finishes by handing off to the `security-issue-sync` skill to reconcile the rest of the tracker (milestone, assignee, reporter drafts, fix-PR state) now that the CVE landing is complete.

Safety Notice

This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.

Copy this and send it to your AI assistant to learn

Install skill "security-cve-allocate" with this command: npx skills add apache/skillsmp-apache-apache-security-cve-allocate

No markdown body

This source entry does not include full markdown content beyond metadata.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHub

Related Skills

Related by shared tags or category signals.

Coding

pr-management-triage

Sweep open pull requests on the configured `<upstream>` repo (default: read from `<project-config>/project.md → upstream_repo`), classify each one against the project's quality criteria, propose a disposition, and — on the maintainer's confirmation — carry out the action via `gh`. Decides whether each PR should be converted to draft with a quality-issues comment, commented on, closed, rebased, have CI reruns triggered, have a first-time-contributor workflow approved, be pinged to a stale reviewer, or marked `ready for maintainer review`. Does **not** perform code review (no LLM line comments, no approve/request-changes submissions) — that lives in [`pr-management-code-review`](../pr-management-code-review/SKILL.md).

Repository SourceNeeds Review
-8apache
Security

Security Portfolio Risk

Provides AI-driven portfolio risk analysis for China A-shares with VaR, stress testing, tail risk, factor exposure, and risk attribution for fund managers.

Registry SourceRecently Updated
301Profile unavailable
Security

Agent Governance Assistant

AI-powered enterprise AI agent governance framework — audit agent behavior, enforce security policies, ensure CBIRC/CFCA compliance, detect shadow AI, and ge...

Registry SourceRecently Updated
00Profile unavailable
Security

Security Equity Research

AI tool generating China A-share equity research reports automating data collection, earnings review, valuation modeling (DCF/DDM/PE), ESG, and short-seller...

Registry SourceRecently Updated
331Profile unavailable
security-cve-allocate | V50.AI