Grant maxisbey the security-manager org role#147
Merged
Conversation
Model GitHub's pre-defined security_manager organization role in the IaC: new GitHub-only security-managers team wired to the org role via ORG_ROLE_ASSIGNMENTS, following the existing all_repo_admin pattern. Add Max Isbey (maxisbey) as its first member so he can view draft security advisories for coordinated disclosure work. Co-Authored-By: Claude <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_0147Pp292yN9cQKCQBphVyMy
Pulumi PreviewClick to expand preview output |
Paul Carleton asked for Jenn to join the new security-managers team alongside Max Isbey. Resolved to Jenn Newton (jenn-newton), already a member of the security working group in this config. Co-Authored-By: Claude <noreply@anthropic.com>
pcarleton
approved these changes
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Requested by Paul Carleton · Slack thread
Before / After
Before: Max Isbey (@maxisbey) is an org member (maintainers, python-sdk, typescript-sdk-collaborators) and Jenn Newton (@jenn-newton) is in the security working group, but neither can see draft GitHub security advisories (GHSAs). Drafts are only visible to org owners, security managers, repo admins, and per-advisory collaborators, so the GHSA sweep for coordinated disclosure is blocked on repos where they aren't admins or invited collaborators. The security-manager org role was not modeled in this IaC at all.
After: A new GitHub-only
security-managersteam exists and is granted GitHub's pre-definedsecurity_managerorganization role, giving its members org-wide read access to security alerts and draft security advisories across all repositories (no code-write permissions beyond read). Max and Jenn are its first members, so they can read draft GHSAs everywhere in the org.How
src/config/orgRoles.ts: extended theOrgRoleNameunion withsecurity_managerand added an assignment mapping thesecurity-managersteam to that pre-defined org role, mirroring the existingall_repo_adminwiring for lead-maintainers/core-maintainers.src/config/roleIds.ts/src/config/roles.ts: declared the newsecurity-managersrole as a GitHub-only team (no Discord role, no Google group, so no Google Workspace provisioning side effects; no parent team so it does not imply steering-committee membership).src/config/users.ts: addedROLE_IDS.SECURITY_MANAGERSto Max's existing entry, and to Jenn Newton's (@jenn-newton) entry per Paul's follow-up request.Rationale: Max is doing a sweep over GitHub security advisories to help with coordinated disclosure and needs draft-advisory visibility; the security-manager org role is the standard grant for that. Jenn (security WG) is joining the same effort.
npm run checkpasses locally (format, validate, tests: 23 passed).🤖 Generated with Claude Code
https://claude.ai/code/session_0147Pp292yN9cQKCQBphVyMy
Generated by Claude Code