Google Git
Sign in
chromium/v8/v8.git/760ed0a1c75b031e407a0246aaf341822dbf88dd
commit
760ed0a1c75b031e407a0246aaf341822dbf88dd
[log]
author
Clemens Backes <clemensb@chromium.org>
Fri May 08 15:18:55 2026
committer
v8-scoped@luci-project-accounts.iam.gserviceaccount.com <v8-scoped@luci-project-accounts.iam.gserviceaccount.com>
Fri May 08 16:11:26 2026
tree
b1ffb36baa3ea0f7aadf4fcdf3bf6d639f7df9b7
parent
daf562fbddc7e2ac3a5f4ea0dbdd8932a8785144 [diff]
[agents] Mandate local reproduction for vulnerability classification

This CL updates the v8-security-triaging skill to enforce empirical
verification as a prerequisite for classifying reports as vulnerabilities.

Key changes:
- Added a "Mandatory Local Reproduction" core principle to the
  v8-security-triaging skill.
- Updated the classification guidance to mandate "Failed to Reproduce"
  if local reproduction is unsuccessful.
- Enforced that "Vulnerability" status can only be assigned after
  successful local reproduction.

R=ishell@chromium.org

No-Try: true
Change-Id: I81a86835fea75c5a0d84d4878dee74fb2efb2975
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7830726
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/main@{#107196}
1 file changed
tree: b1ffb36baa3ea0f7aadf4fcdf3bf6d639f7df9b7
  1. .github/
  2. agents/
  3. bazel/
  4. build_overrides/
  5. custom_deps/
  6. docs/
  7. gni/
  8. include/
  9. infra/
  10. samples/
  11. src/
  12. test/
  13. testing/
  14. third_party/
  15. tools/
  16. .bazelrc
  17. .clang-format
  18. .clang-tidy
  19. .editorconfig
  20. .flake8
  21. .git-blame-ignore-revs
  22. .gitattributes
  23. .gitignore
  24. .gn
  25. .mailmap
  26. .style.yapf
  27. .vpython3
  28. .ycm_extra_conf.py
  29. AUTHORS
  30. BUILD.bazel
  31. BUILD.gn
  32. CODE_OF_CONDUCT.md
  33. codereview.settings
  34. COMMON_OWNERS
  35. DEPS
  36. DIR_METADATA
  37. ENG_REVIEW_OWNERS
  38. INFRA_OWNERS
  39. INTL_OWNERS
  40. LICENSE
  41. LICENSE.fdlibm
  42. LICENSE.strongtalk
  43. LICENSE.v8
  44. LOONG_OWNERS
  45. MIPS_OWNERS
  46. MODULE.bazel
  47. OWNERS
  48. PPC_OWNERS
  49. PRESUBMIT.py
  50. pyrightconfig.json
  51. README.md
  52. RISCV_OWNERS
  53. S390_OWNERS
  54. SECURITY.md
  55. WATCHLISTS
README.md

V8 JavaScript Engine

V8 is Google's open source JavaScript engine.

V8 implements ECMAScript as specified in ECMA-262.

V8 is written in C++ and is used in Chromium, the open source browser from Google.

V8 can run standalone, or can be embedded into any C++ application.

V8 Project page: https://v8.dev/docs

Getting the Code

Checkout depot tools, and run

    fetch v8

This will checkout V8 into the directory v8 and fetch all of its dependencies. To stay up to date, run

    git pull origin
    gclient sync

For fetching all branches, add the following into your remote configuration in .git/config:

    fetch = +refs/branch-heads/*:refs/remotes/branch-heads/*
    fetch = +refs/tags/*:refs/tags/*

Contributing

Please follow the instructions mentioned at v8.dev/docs/contribute.