guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.
https://guac.sh
Apache License 2.0

zizmor audit for CI workflow #2267

Closed funnelfiasco closed 6 days ago

funnelfiasco commented 2 weeks ago
🌈 completed ci.yaml
warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> .github/workflows/ci.yaml:69:9
   |
69 |         - name: Checkout code
   |  _________-
70 | |         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3
   | |________________________________________________________________________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> .github/workflows/ci.yaml:108:9
    |
108 |         - name: Checkout code
    |  _________-
109 | |         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3
    | |________________________________________________________________________________- does not set persist-credentials: false
    |
    = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> .github/workflows/ci.yaml:146:7
    |
146 |     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
    |       --------------------------------------------------------------- does not set persist-credentials: false
    |
    = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> .github/workflows/ci.yaml:38:9
   |
38 |         - name: Checkout code
   |  _________-
39 | |         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3
   | |________________________________________________________________________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> .github/workflows/ci.yaml:90:9
   |
90 |         - name: Checkout code
   |  _________-
91 | |         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3
   | |________________________________________________________________________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

warning[artipacked]: credential persistence through GitHub Actions artifacts
   --> .github/workflows/ci.yaml:225:9
    |
225 |         - name: Checkout code
    |  _________-
226 | |         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # tag=v3
    | |________________________________________________________________________________- does not set persist-credentials: false
    |
    = note: audit confidence → Low

6 findings (0 ignored): 0 unknown, 0 informational, 0 low, 6 medium, 0 high