ci: sync workflows from central-workflows #139

Open
wants to merge 3 commits into
base: dev

ci: sync workflows from central-workflows Signed-off-by: Scott <busin…

fa49803

GitHub Advanced Security / Semgrep (reported by Codacy) failed Dec 2, 2024 in 6s

4 new alerts including 3 errors

New alerts in code changed by this pull request

  • 3 errors
  • 1 warning

See annotations below for details.

Annotations

Check failure on line 25 in .github/workflows/dco-check.yml

Code scanning / Semgrep (reported by Codacy)

Error: Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner.

Check failure on line 21 in .github/workflows/gpg-verify.yml

Code scanning / Semgrep (reported by Codacy)

Error: Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner.

Check failure on line 30 in .github/workflows/milestone.yml

Code scanning / Semgrep (reported by Codacy)

Error: Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner.

Check warning on line 48 in .github/workflows/release.yml

Code scanning / Semgrep (reported by Codacy)

Warning: An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release.