
Auto-create GitHub issues on critical vulnerability findings #8

Merged
asiridalugoda merged 1 commit into main from
feature/auto-github-issue-on-critical-vulnerability
Apr 1, 2026

@asiridalugoda

Summary

  • Adds automatic GitHub issue creation when ReleaseGuard detects critical (severity 1) vulnerabilities during a scan
  • Issues include full finding details, evidence, recommended fixes, category-specific remediation playbooks, and auto-fix eligibility
  • Configurable via integrations.github_issues in .releaseguard.yml — acts as a feature flag that can be enabled per-repo pipeline
  • Adds comprehensive README documentation covering setup, authentication (CI and local), and configuration options

Flow

  1. ReleaseGuard is connected to a repo and runs as part of CI
  2. Scan detects a critical vulnerability
  3. Build fails and artifacts are dropped
  4. ReleaseGuard automatically creates a GitHub issue with all relevant context and remediation guidance
  5. CI reports failure

What's included

  • internal/issue/github.go — GitHubCreator that filters findings by severity, builds rich issue bodies, and calls the GitHub Issues API
  • internal/issue/github_test.go — unit tests covering title/body generation, filtering, API success/error paths
  • internal/config/schema.go — GitHubIssuesConfig struct under IntegrationsConfig (enabled, severities, labels, assignees)
  • README.md — new "GitHub Issue Integration" section with config, auth, and usage docs

Future

The integrations config block is designed to be extensible for other issue trackers (Jira, Linear, etc.).

Test plan

  • Unit tests pass (go test ./internal/issue/...)
  • Lint clean (golangci-lint run ./internal/issue/...)
  • Verify issue creation with a live GitHub token in a test repo

https://claude.ai/code/session_01TV3VDTvBkASszWGhMCCkUC

Explains the auto-issue-creation feature, configuration options,
authentication setup for CI and local use, and the end-to-end flow.

https://claude.ai/code/session_01TV3VDTvBkASszWGhMCCkUC
@asiridalugoda asiridalugoda merged commit 0b1cdc7 into main Apr 1, 2026
7 checks passed
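
The flow described in this PR (filter findings by configured severity, render an issue, call the GitHub Issues API) can be sketched as follows. This is an added example, not ReleaseGuard's code: the `Finding` and `IssueRequest` types, the function names, the title format, the sample finding and the `example-org/example-repo` target are all assumptions. It builds the request without sending it; passing it to `http.Client.Do` would create the issue.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"slices"
)

// Finding is a hypothetical scan result; IssueRequest is the JSON body of GitHub's "create an issue" call.
type Finding struct {
	Severity                 int // 1 = critical, as in the PR text
	ID, Title, Evidence, Fix string
}
type IssueRequest struct {
	Title     string   `json:"title"`
	Body      string   `json:"body"`
	Labels    []string `json:"labels,omitempty"`
	Assignees []string `json:"assignees,omitempty"`
}

// Issues keeps findings at the configured severities and renders one issue each.
func Issues(fs []Finding, severities []int, labels, assignees []string) (out []IssueRequest) {
	for _, f := range fs {
		if slices.Contains(severities, f.Severity) {
			body := fmt.Sprintf("**Evidence:** `%s`\n\n**Recommended fix:** %s\n", f.Evidence, f.Fix)
			out = append(out, IssueRequest{"[ReleaseGuard] " + f.Title + " (" + f.ID + ")", body, labels, assignees})
		}
	}
	return out
}

// NewRequest builds POST {api}/repos/{repo}/issues; the token goes only in a header.
func NewRequest(api, repo, token string, ir IssueRequest) (*http.Request, error) {
	payload, _ := json.Marshal(ir) // strings and string slices only: cannot fail
	req, err := http.NewRequest(http.MethodPost, api+"/repos/"+repo+"/issues", bytes.NewReader(payload))
	if err == nil {
		req.Header.Set("Authorization", "Bearer "+token)
		req.Header.Set("Accept", "application/vnd.github+json")
	}
	return req, err
}

func main() {
	fs := []Finding{{1, "RG-001", "Private key in artifact", "dist/app.tar: id_rsa", "Remove and rotate the key"}} // constructed
	ir := Issues(fs, []int{1}, []string{"security"}, nil)[0]
	req, _ := NewRequest("https://api.github.com", "example-org/example-repo", "TOKEN", ir)
	fmt.Println(req.Method, req.URL, ir.Title)
}
```
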