CZERTAINLY / CZERTAINLY-Helm-Charts

CZERTAINLY - Helm Charts
https://www.czertainly.com
MIT License

Security Policy violation Dangerous Workflow #192

Open allstar-app[bot] opened 1 month ago

allstar-app[bot] commented 1 month ago

This issue was automatically created by Allstar.

Security Policy Violation

Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description

Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps

Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information

This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

allstar-app[bot] commented 1 month ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description

Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps

Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information

This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

allstar-app[bot] commented 1 week ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description

Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps

Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information

This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

allstar-app[bot] commented 12 hours ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description

Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps

Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information

This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.