KICS #48
Annotations
4 warnings
KICS scan:
.github/workflows/chart-test.yml#L65
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
KICS scan:
.github/workflows/chart-test.yml#L74
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
KICS scan:
.github/workflows/chart-release.yaml#L60
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
KICS scan:
.github/workflows/release-please.yml#L36
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Set up job
5s
Error:
This step has been truncated due to its large size. Download the full logs from the menu
once the workflow run has completed.
Build checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609
16s
Run actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
3s
KICS scan
8s
Upload SARIF file for GitHub Advanced Security Dashboard
6s
Post Run actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
0s
Complete job
0s