How we're using Sourcegraph and a Slack bot to detect vulnerabilities and react quickly
Blog post from Sourcegraph
To manage GitHub advisories, Sourcegraph runs a Slack bot that automates the triage and response pipeline, primarily for incidents with severe security implications such as the npm worm that affected @tanstack/* packages. The bot posts each advisory in a Slack channel; a single human reaction then triggers automated generation of detection queries, blog drafts, and social media posts, leaving operators to judge the accuracy and importance of the drafts. The system arose in response to the growing volume of both malicious packages and AI-generated code, which raises new security challenges because AI tends to hallucinate packages or propose non-existent package upgrades. The architecture is deliberately lean: there is no orchestrator process and little in-memory state, so operators can focus on judgment and prose refinement. As the threat landscape evolves with AI and self-replicating malware, the bot's role is expanding to include pre-disclosure pattern detection and a public resource hub for security alerts to help responders mitigate future incidents.
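The reaction-gated pipeline described above, as an added illustration rather than Sourcegraph's own bot code: an advisory is parked keyed by its Slack message timestamp, the first trigger reaction produces a detection query and a Slack draft for human review, and the parked state is dropped so nothing is regenerated. The advisory values, the `eyes` trigger emoji, the single-comparator version range and the Sourcegraph query syntax are assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    ghsa_id: str
    ecosystem: str
    package: str
    vulnerable_range: str  # single comparator, e.g. "< 5.0.0" (assumed form)
    summary: str

# Constructed advisory; the id is a placeholder, not a real GHSA identifier.
ADVISORY = Advisory("GHSA-PLACEHOLDER", "npm", "@tanstack/query-core",
                    "< 5.0.0", "Malicious post-install script in published version")
TRIGGER_REACTION = "eyes"  # assumed: the single human reaction that approves automation

def _v(s):
    return tuple(int(x) for x in s.split("."))

def is_vulnerable(version, vrange):
    """True if `version` falls inside a '< X', '<= X' or '= X' advisory range."""
    op, bound = vrange.split()
    a, b = _v(version), _v(bound)
    return {"<": a < b, "<=": a <= b, "=": a == b}[op]

def detection_query(adv):
    """Sourcegraph regexp search over npm manifests and lockfiles for a dependency
    entry naming the package (query syntax is an assumption)."""
    return f'file:package(-lock)?\\.json$ patterntype:regexp "{re.escape(adv.package)}":'

def draft_artifacts(adv):
    """The generated bundle an operator reviews: detection query plus a Slack draft."""
    query = detection_query(adv)
    return {
        "query": query,
        "slack_draft": (f"*{adv.ghsa_id}* ({adv.ecosystem}): {adv.package} {adv.vulnerable_range}\n"
                        f"{adv.summary}\nFind affected repos: {query}"),
    }

class TriageBot:
    """Reaction-gated pipeline: an advisory is posted and parked; the first trigger
    reaction generates the artifacts and removes the parked state (no orchestrator)."""
    def __init__(self):
        self.pending = {}  # message_ts -> Advisory; the only state the bot keeps

    def post_advisory(self, adv, message_ts):
        self.pending[message_ts] = adv
        return message_ts

    def on_reaction(self, message_ts, reaction):
        if reaction != TRIGGER_REACTION or message_ts not in self.pending:
            return None  # other emoji, unknown message, or already handled: ignore
        return draft_artifacts(self.pending.pop(message_ts))
```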