woodruffw / zizmor

A tool for finding security issues in GitHub Actions setups.
https://crates.io/crates/zizmor
MIT License

template-injection: `github.ref_name` is always bad #62

Open woodruffw opened 8 hours ago

woodruffw commented 8 hours ago

Right now we catch it with a fallthrough, but we should explicitly flag this one.

h/t @fcasal
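
To illustrate the difference between an explicit flag and a fallthrough that the issue draws, here is an added example. It is not zizmor's code and not part of the original issue; the context lists, `classify` and `audit_run` are assumptions made for illustration.

```rust
// Added example, not zizmor's implementation. The context lists below are
// assumptions chosen for illustration.

#[derive(Debug, PartialEq)]
enum Verdict {
    Safe,        // context cannot carry attacker-chosen text
    KnownBad,    // explicitly listed as attacker-controllable
    Fallthrough, // not recognized either way; reported with lower confidence
}

// Assumed allowlist of contexts whose values are not free-form text.
const SAFE: &[&str] = &["github.sha", "github.run_id", "github.run_number"];
// Assumed explicit list; github.ref_name is the branch or tag name,
// which whoever pushes the ref chooses.
const KNOWN_BAD: &[&str] = &["github.ref_name", "github.head_ref"];

fn classify(context: &str) -> Verdict {
    if SAFE.contains(&context) {
        Verdict::Safe
    } else if KNOWN_BAD.contains(&context) {
        Verdict::KnownBad
    } else {
        Verdict::Fallthrough
    }
}

/// Extract every `${{ ... }}` expression from a `run:` script body and classify it.
fn audit_run(script: &str) -> Vec<(String, Verdict)> {
    let mut findings = Vec::new();
    let mut rest = script;
    while let Some(start) = rest.find("${{") {
        let after = &rest[start + 3..];
        let Some(end) = after.find("}}") else { break }; // unterminated expression
        let expr = after[..end].trim().to_string();
        let verdict = classify(&expr);
        findings.push((expr, verdict));
        rest = &after[end + 2..];
    }
    findings
}

fn main() {
    // Constructed sample `run:` body.
    let script = "echo building ${{ github.ref_name }} at ${{ github.sha }}\n./deploy ${{ inputs.target }}";
    for (expr, verdict) in audit_run(script) {
        println!("{expr}: {verdict:?}");
    }
}
```

A `KnownBad` finding in a `run:` body is usually fixed by passing the value through `env:` and referencing the shell variable instead of the template expression.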