Closed watsondm closed 3 months ago
Checkmarx One – Scan Summary & Details – 89b37388-8146-49e0-971a-42874f5bddd8
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 72 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 48 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 26 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 109 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 240 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 201 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

| Severity | Issue | Source File / Package |
|---|---|---|
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 27 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 257 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 218 |
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 49 |
| | Unpinned Actions Full Length Commit SHA | /update-versions.yml: 73 |

Type of change
Objective
Remove R2 bucket secrets and publish artifacts to R2 step from selfhost release workflow
This is required as part of the migration from Cloudflare to Fastly for this static asset
We will use the existing AWS S3 buckets as the origins fronted by Fastly
Code changes