This repository has been archived by the owner on Feb 14, 2024. It is now read-only.

Fix GitHub workflows security issues #414

Closed
sebastianczech opened this issue Dec 12, 2023 · 0 comments

@sebastianczech

Describe the bug

Checkov detected issues:

Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Apply)
        File: /.github/workflows/apply-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Validate)
        File: /.github/workflows/validate-command.yml:10-39
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Plan)
        File: /.github/workflows/plan-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Idempotence)
        File: /.github/workflows/idempotence-command.yml:12-41
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS SCA)
        File: /.github/workflows/sca-command.yml:10-32
Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
        FAILED for resource: on(ChatOPS Help)
        File: /.github/workflows/help-command.yml:7-29
Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
        FAILED for resource: on(ChatOPS Help)
        File: /.github/workflows/help-command.yml:31-32

Module Version

1.1.3

Terraform version

No response

Expected behavior

There are no Checkov issues for GitHub workflows.

Current behavior

No response

Anything else to add?

No response
