GSA-TTS / FAC

GSA's Federal Audit Clearinghouse

Security Policy violation Dangerous Workflow #1983

Closed gsa-tts-allstar[bot] closed 10 months ago

gsa-tts-allstar[bot] commented 1 year ago

This issue was automatically created by Allstar.

Security Policy Violation Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.


This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

asteel-gsa commented 1 year ago

I believe this can be resolved by changing all occurrences to ${{ github.event.pull_request.base.ref }}
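The two patterns the bot is flagging (an untrusted code checkout under a privileged trigger, and an untrusted event field expanded into a `run:` script) are easy to miss by eye, so here is a small heuristic scanner that finds both, together with a constructed vulnerable workflow and a hardened one that applies the base-branch checkout suggested above plus environment-variable indirection. This is an added example, not code from the FAC repository or from Scorecards: the list of untrusted event fields is an assumption modeled on the fields the Scorecards documentation describes, the YAML handling is a line-based approximation rather than a real parser, and both sample workflows are made up for the demo.

```python
"""Heuristic scanner for the two Dangerous Workflow patterns in GitHub Actions
YAML: untrusted code checkout and script injection. Added example, not the
Scorecards implementation; run Scorecards itself for authoritative results."""
import re
from typing import Dict, Iterator, List, Tuple

# Event fields an outside contributor controls (PR title/body/branch, issue and
# comment bodies, commit messages and author names). Assumed list modeled on
# the fields Scorecards documents as untrusted, not the tool's own list.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(?:github\.head_ref|github\.event\.(?:"
    r"issue\.(?:title|body)"
    r"|pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|comment\.body|review\.body|review_comment\.body"
    r"|(?:commits\[[^\]]*\]|head_commit)\.(?:message|author\.(?:name|email))"
    r"))\s*\}\}"
)
# Checking out the PR head (the contributor's code) by branch name or SHA.
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(?:ref|sha)")
# Triggers whose jobs get a write-capable GITHUB_TOKEN and repository secrets
# even when the event originated from a fork.
PRIVILEGED = re.compile(r"\b(?:pull_request_target|workflow_run)\b")
BLOCK_SCALARS = {"|", ">", "|-", ">-", "|+", ">+"}


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def _key_col(line: str) -> int:
    """Column where a step's mapping keys start (past a '- ' list marker)."""
    return _indent(line) + (2 if line.lstrip().startswith("- ") else 0)


def _nested(lines: List[str], i: int, strict: bool) -> Iterator[Tuple[int, str]]:
    """Yield (1-based line number, text) for lines nested under lines[i].
    strict=True also stops at sibling keys (a block scalar body)."""
    col = _key_col(lines[i])
    for j in range(i + 1, len(lines)):
        ind = _indent(lines[j])
        if lines[j].strip() and (ind <= col if strict else ind < col):
            break
        yield j + 1, lines[j]


def scan_workflow(text: str) -> List[Dict[str, object]]:
    lines = text.splitlines()
    findings: List[Dict[str, object]] = []
    # 1. Untrusted checkout. Dangerous only under a privileged trigger: a plain
    #    `pull_request` run from a fork gets a read-only token and no secrets.
    if PRIVILEGED.search(text):
        for i, line in enumerate(lines):
            if re.search(r"uses:\s*['\"]?actions/checkout", line):
                for n, step_line in _nested(lines, i, strict=False):
                    if re.match(r"^\s*ref:", step_line) and PR_HEAD.search(step_line):
                        findings.append({"line": n, "kind": "untrusted-checkout",
                                         "detail": step_line.strip()})
    # 2. Script injection. `${{ }}` is expanded into the script text before the
    #    shell parses it, so an attacker-chosen value becomes code, not data.
    for i, line in enumerate(lines):
        m = re.match(r"^\s*(?:-\s+)?run:\s*(.*)$", line)
        if not m:
            continue
        script = m.group(1).strip()
        if script in BLOCK_SCALARS:  # `run: |` body is on the following lines
            script = "\n".join(t for _, t in _nested(lines, i, strict=True))
        for hit in UNTRUSTED.finditer(script):
            findings.append({"line": i + 1, "kind": "script-injection",
                             "detail": hit.group(0)})
    return findings


# Constructed sample workflows for the demo (not from the FAC repository).
VULNERABLE = """\
on:
  pull_request_target:
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
      - run: |
          echo "Testing PR: ${{ github.event.pull_request.title }}"
"""

# Base-branch checkout plus env-var indirection, as suggested in the thread.
HARDENED = """\
on:
  pull_request_target:
permissions:
  contents: read
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.base.ref }}
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Testing PR: $PR_TITLE"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, scan_workflow(wf) or "clean")
```

Two caveats worth keeping in mind when applying the base-branch fix. Checking out `base.ref` under `pull_request_target` is safe because the base branch is controlled by maintainers, but the job still runs with a write-capable token and secrets, so any untrusted field must still reach the shell through `env:` rather than an inline `${{ }}`; and if the workflow does not actually need write access or secrets, switching the trigger to `pull_request` removes the privileged context altogether, which is why the scanner only reports a head-ref checkout under a privileged trigger.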

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Policy is now in compliance. Closing issue.

gsa-tts-allstar[bot] commented 1 year ago

Reopening issue. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.

gsa-tts-allstar[bot] commented 1 year ago

Updating issue after ping interval. See its status below.


Project is out of compliance with Dangerous Workflow policy: dangerous workflow patterns detected

Rule Description Dangerous Workflows are GitHub Action workflows that exhibit dangerous patterns that could render them vulnerable to attack. A vulnerable workflow is susceptible to leaking repository secrets, or allowing an attacker write access using the GITHUB_TOKEN. For more information about the particular patterns that are detected see the Security Scorecards Documentation for Dangerous Workflow.

Remediation Steps Avoid the dangerous workflow patterns. See this post for information on avoiding untrusted code checkouts. See this document for information on avoiding and mitigating the risk of script injections.

Dangerous Patterns Found

Additional Information This policy is drawn from Security Scorecards, which is a tool that scores a project's adherence to security best practices. You may wish to run a Scorecards scan directly on this repository for more details.
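The two patterns the rule description refers to, as an added example that is not code from the FAC repository, Allstar or Scorecards: a small Python checker that flags (a) untrusted event contexts such as `github.event.pull_request.head.ref` expanded inside a `run:` script, and (b) a checkout of the pull-request head in a workflow triggered by `pull_request_target`. The list of untrusted contexts is the one GitHub documents for script injection; the regex scan, the function names and the two sample workflows (one vulnerable, one hardened) are constructed for this example and simplify what Scorecards does with a real YAML parser.

```python
# Added example: a small checker for the two Scorecards Dangerous-Workflow patterns.
# Line-oriented regex scan (not the Scorecards implementation); samples are constructed.
import re

# Expression contexts GitHub documents as attacker-controlled (set by the author
# of a PR, issue or comment). Expanding one inside `run:` is a shell injection.
UNTRUSTED = re.compile(
    r"github\.event\.(issue\.(title|body)"
    r"|pull_request\.(title|body|head\.(ref|label|repo\.default_branch))"
    r"|comment\.body|review\.body|review_comment\.body|pages\.[^.]+\.page_name"
    r"|commits\.[^.]+\.(message|author\.(email|name))"
    r"|head_commit\.(message|author\.(email|name)))"
    r"|github\.head_ref\b"
)
EXPRESSION = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")
RUN_KEY = re.compile(r"(-\s*)?run:(.*)")
# checkout refs that resolve to the pull request head, i.e. the fork's code
PR_HEAD = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)|github\.head_ref|refs/pull/")


def find_script_injections(text):
    """(line_no, expression) for every untrusted context expanded inside a run: block."""
    findings, in_run, key_col = [], False, 0
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        if not stripped:
            continue                                  # blank lines keep the block open
        indent = len(line) - len(stripped)
        m = RUN_KEY.match(stripped)
        if m:
            in_run, key_col = True, indent + len(m.group(1) or "")   # column of `run`
            body = m.group(2)
        elif in_run and indent > key_col:
            body = stripped                           # continuation line of `run: |`
        else:
            in_run = False                            # sibling key or next step
            continue
        findings += [(n, e) for e in EXPRESSION.findall(body) if UNTRUSTED.search(e)]
    return findings


def find_untrusted_checkouts(text):
    """(line_no, ref) for checkouts of the PR head inside a pull_request_target workflow.

    pull_request_target runs in the base repo with a write-capable GITHUB_TOKEN and
    secrets; building the fork's head there hands both to the PR author.
    """
    if not re.search(r"(^|[\s\[])pull_request_target\b", text, re.M):
        return []                                     # plain pull_request: read-only token
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.lstrip()
        if not re.match(r"(-\s*)?uses:\s*actions/checkout", stripped):
            continue
        step_indent = len(line) - len(stripped)
        for j in range(i + 1, len(lines)):
            nxt = lines[j].lstrip()
            if not nxt:
                continue
            ind = len(lines[j]) - len(nxt)
            if ind < step_indent or (ind == step_indent and nxt.startswith("-")):
                break                                 # left this step
            m = re.match(r"ref:\s*(.+)", nxt)
            if m and PR_HEAD.search(m.group(1)):
                findings.append((j + 1, m.group(1).strip()))
    return findings


# Constructed sample: privileged trigger + fork checkout + branch name in a shell.
VULNERABLE = """\
on:
  pull_request_target:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: |
          echo "Testing branch ${{ github.event.pull_request.head.ref }}"
          make test
"""

# Constructed fix: unprivileged trigger, least-privilege token, value passed via env.
HARDENED = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - env:
          BRANCH: ${{ github.event.pull_request.head.ref }}
        run: |
          echo "Testing branch $BRANCH"
          make test
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(label, find_script_injections(wf), find_untrusted_checkouts(wf))
```

Run it directly to print the findings for both samples. The hardened form moves the attacker-controlled value into `env:` so the shell receives it as data rather than as part of the script, uses the unprivileged `pull_request` trigger, and pins the token to `contents: read`; where `pull_request_target` is genuinely needed (for example to label or comment on PRs), keep it in a job that never checks out or executes the fork's code.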