← ClaudeAtlas

security-cve-allocatelisted

Walk a security team member through allocating a CVE for an `<tracker>` tracking issue (governance-gated per `governance.cve_allocation_gate`). Prints the configured `<cve-tool>` allocation URL, waits for the allocated CVE ID, then updates the tracker in place. Tracker updates: CVE tool link field, cve allocated label, status-change comment, CVE JSON. Chains into `security-issue-sync` afterwards to reconcile the rest of the tracker.
apache/airflow-steward · ★ 19 · AI & Automation · score 80
Install: claude install-skill apache/airflow-steward
<!-- Placeholder convention (see AGENTS.md#placeholder-convention-used-in-skill-files): <project-config> → adopting project's `.apache-steward/` directory <tracker> → value of `tracker_repo:` in <project-config>/project.md (example: airflow-s/airflow-s for the Apache Airflow security team) <upstream> → value of `upstream_repo:` in <project-config>/project.md (example: apache/airflow) <security-list> → value of `mailing_lists.security:` in <project-config>/project.md (example: security@airflow.apache.org for the ASF Airflow project) <cve-tool> → the CVE-tool adapter directory selected by `cve_authority.tool:` in <project-config>/project.md (example: `tools/cve-tool-vulnogram/` for the ASF default). Adapter contract: tools/cve-tool/README.md. Before running any bash command below, substitute these with the concrete values from the adopting project's <project-config>/project.md. --> # security-cve-allocate Walks a security team member through the CVE-allocation step of the [handling process](../../../README.md) for a given [`<tracker>`](https://github.com/<tracker>) tracking issue. The work itself — submitting the allocation form on the project's CVE tool, resolved from `cve_authority.allocate_url` in [`<project-config>/project.md`](../../../<project-config>/project.md#cve-authority) — is