From bb8d844addef045ad39a6d14b3be776aab169fe2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Feb 2026 15:03:56 +0000
Subject: [PATCH 1/2] Initial plan


From 1101ea4390d3b56f1239a145eb843c0baf1dd960 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Feb 2026 15:18:15 +0000
Subject: [PATCH 2/2] Add security-query.sql with count of both situations

Co-authored-by: kasia-kittel <11980812+kasia-kittel@users.noreply.github.com>
---
 security-query.sql | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 security-query.sql

diff --git a/security-query.sql b/security-query.sql
new file mode 100644
index 0000000..81a06a1
--- /dev/null
+++ b/security-query.sql
@@ -0,0 +1,23 @@
+SELECT
+  CASE WHEN MALICIOUS = true THEN 'Malicious code detected 🚩'
+       WHEN REACHABILITY = 'REACHABLE' AND EPSS_PERCENTAGE >= 60 THEN 'Reachable vulnerability with high EPSS% 🔴'
+  ELSE ''
+  END as reason,
+  COUNT(*) AS count
+FROM (
+      SELECT
+        *,
+        CONCAT(REPLACE(ORGANIZATION, '-github-scans', ''), '/', LOWER(GITHUB_REPOSITORY)) AS normalized_repo
+      FROM SECURITY.V_SECOPS_MEND_SUMMARY_TBL
+    ) s
+WHERE
+  s.normalized_repo IN (${repoRaw:sqlstring})
+  AND DATE(CREATE_DATE) = DATEADD(DAY, -1, CURRENT_DATE)
+  AND 
+  (FIX_DATE IS NOT NULL
+  AND s.CVSS3_SEVERITY = 'critical'
+  AND EPSS_PERCENTAGE >= 60
+  AND REACHABILITY = 'REACHABLE')
+  OR MALICIOUS = true
+GROUP BY reason
+ORDER BY reason;