From a1eb4df10d27a9e1a3c34503c8e1bff3dbcebd2a Mon Sep 17 00:00:00 2001
From: Asier Isayas
Date: Mon, 9 Feb 2026 08:17:42 -0800
Subject: [PATCH] dependabot weekly digest
---
 .../workflows/dependabot-weekly-digest.yml | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 .github/workflows/dependabot-weekly-digest.yml
diff --git a/.github/workflows/dependabot-weekly-digest.yml b/.github/workflows/dependabot-weekly-digest.yml
new file mode 100644
index 000000000..8deb0579a
--- /dev/null
+++ b/.github/workflows/dependabot-weekly-digest.yml
@@ -0,0 +1,45 @@
+name: Weekly Dependabot Alerts Email
+
+on:
+ schedule:
+ - cron: '0 0 * * 0' # Triggers the workflow every Sunday at midnight UTC.
+
+jobs:
+ send-email:
+ runs-on: ubuntu-latest
+ steps:
+ # Step 1: Checkout the repository code (optional for this task, but typical in workflows)
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Step 2: Fetch Dependabot Alerts via GitHub API
+ - name: Fetch Dependabot Alerts
+ id: dependabot-alerts
+ run: |
+ curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+ -H "Accept: application/vnd.github.v3+json" \
+ "https://api.github.com/repos/${{ github.repository }}/dependabot/alerts?state=open" > dependabot_alerts.json
+
+ # Step 3: Format the Dependabot Alerts
+ - name: Format Alerts as Email Body
+ id: format-alerts
+ run: |
+ alerts=$(cat dependabot_alerts.json | jq -r '.[] | "* **\(.securityVulnerability.package.name)**: \(.securityVulnerability.severity) severity, CVE-Id: [\(.securityVulnerability.cve)](https://cve.mitre.org/cve/\(.securityVulnerability.cve))\n \(.description)\n"')
+ echo "$alerts" > formatted_alerts.txt
+
+ # Step 4: Send the Email via Outlook SMTP (from DL1 to DL1 or DL2)
+ - name: Send Email
+ uses: dawidd6/action-send-mail@v3
+ with:
+ smtp-server: smtp.office365.com
+ smtp-port: 587
+ smtp-user: cdbportal@microsoft.com # Use DL1's email address
+ from: cdbportal@microsoft.com # The sender is DL1
+ to: "dl1@yourdomain.com" # This is the recipient DL1; can also use another DL (e.g., dl2@yourdomain.com)
+ subject: "Weekly Dependabot Vulnerabilities for ${{ github.repository }}"
+ body: |
+ **Weekly Dependabot Security Alerts**
+
+ Below are the new security vulnerabilities found in your dependencies:
+
+ ${{ steps.format-alerts.outputs.alerts }}
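Review bot: `${{ steps.format-alerts.outputs.alerts }}` in the email body is never set — the Format Alerts step only fills a shell variable and writes formatted_alerts.txt, never `$GITHUB_OUTPUT`, so every digest would go out with an empty alert list. The jq filter also uses GraphQL-style names (`securityVulnerability`, `.cve`, `.description`) that the REST endpoint being called does not return; its alert objects carry `security_vulnerability.package.name`, `security_vulnerability.severity` and `security_advisory.cve_id`/`security_advisory.description`, so the filter yields nulls even once the output is wired up. Because curl runs without `--fail`, a 403 error body would be written to the file and parsed as if it were alerts, which matters since, as far as I know, the default GITHUB_TOKEN cannot be granted Dependabot-alerts read and this endpoint needs a PAT or GitHub App token with that permission stored as a repository secret; I would use `curl --fail -sS -H "Authorization: Bearer $TOKEN"` with the token supplied through `env:` rather than interpolated into the command line. The Send Email step passes no SMTP password at all and its `smtp-server`/`smtp-port`/`smtp-user` keys do not match that action's documented inputs (`server_address`, `server_port`, `username`, `password`), so it cannot authenticate as written; a third-party action that receives mail credentials should also be pinned to a full commit SHA rather than `@v3`. A top-level `permissions:` block keeps the job's token least-privilege and the unused checkout step can be dropped; the rewritten Format step below writes a multiline output record with the REST field names.

```yaml
permissions:
  contents: read

# … unchanged: name, on/schedule, jobs/send-email header, fetch step …
      - name: Format Alerts as Email Body
        id: format-alerts
        run: |
          {
            echo "alerts<<ALERTS_EOF"
            jq -r '.[] | "* **\(.security_vulnerability.package.name)**: \(.security_vulnerability.severity) severity, CVE-Id: \(.security_advisory.cve_id // "n/a")\n  \(.security_advisory.description)\n"' dependabot_alerts.json
            echo "ALERTS_EOF"
          } >> "$GITHUB_OUTPUT"
# … unchanged: send-email step …
```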