fix: use env var for PR title in commitlint workflow to prevent untrusted script injection · zarf-dev/zarf@6bf2d27

Triggered via pull request April 4, 2024 21:37

lucasrod16

opened #2418

fix-dangerous-workflow-detected-in-ossf-scorecard-analysis

Status Success

Total duration 12m 11s

Artifacts –

scan-codeql.yml

on: pull_request

Matrix: validate

Annotations

2 warnings

validate (go)

The CODEQL_EXTRACTOR_GO_BUILD_TRACING environment variable has no effect on workflows with manual build steps, so we recommend that you remove it from your workflow.

validate (go)

The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: use env var for PR title in commitlint workflow to prevent untrusted script injection #11010

Summary

fix: use env var for PR title in commitlint workflow to prevent untrusted script injection #11010

Jobs

Run details

scan-codeql.yml

Annotations