github-actions(deps): bump anchore/sbom-action from 0.17.8 to 0.18.0 in /security-actions/scan-docker-image #7
gh_sast.yaml Required
on: pull_request
analyze-ci / metadata (0s)
analyze-ci / shellcheck (5s)
analyze-ci / actionlint (5s)
analyze-ci / ghlint (17s)
analyze-ci / gh-sast (2m 37s)
Annotations
6 errors and 11 warnings
analyze-ci / ghlint
ghlint has detected findings. For findings, check workflow artifact: ghlint-report.zip / Github Security analysis

analyze-ci / ghlint
Process completed with exit code 1.

analyze-ci / ghlint
Process completed with exit code 1.

analyze-ci / gh-sast
Process completed with exit code 14.

analyze-ci / gh-sast
zizmor has detected findings. For findings, check workflow artifact: gh-ci-sast-report.zip / Github Security analysis

analyze-ci / gh-sast
Process completed with exit code 1.

MissingJobPermissions:
.github/workflows/build-sdk-js.yml#L15
Job[test-build-sdk-js] is missing permissions.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingJobPermissions/

MissingJobTimeout:
.github/workflows/build-sdk-js.yml#L15
Job[test-build-sdk-js] is missing `timeout-minutes`.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingJobTimeout/

MissingStepName:
.github/workflows/build-sdk-js.yml#L21
Step[actions/checkout@v4] in Job[test-build-sdk-js] is missing a name, add one to improve developer experience.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingStepName/

MissingStepName:
.github/workflows/build-sdk-js.yml#L22
Step[actions/checkout@v4] in Job[test-build-sdk-js] is missing a name, add one to improve developer experience.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingStepName/

MissingStepName:
.github/workflows/build-sdk-js.yml#L26
Step[./code-build-actions/build-js-sdk] in Job[test-build-sdk-js] is missing a name, add one to improve developer experience.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingStepName/

PreferGitHubToken:
.github/workflows/build-sdk-js.yml#L26
`token` input in Step[./code-build-actions/build-js-sdk] in Job[test-build-sdk-js] should use `github.token` in `${{secrets.GITHUB_TOKEN}}`.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/PreferGitHubToken/

ExplicitJobPermissions:
.github/workflows/ci.yml#L15
Job[setup-and-lint] should have explicit permissions.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/ExplicitJobPermissions/

ExplicitJobPermissions:
.github/workflows/ci.yml#L46
Job[slack_notification] should have explicit permissions.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/ExplicitJobPermissions/

JobIdNaming:
.github/workflows/ci.yml#L46
Job[slack_notification] should have a lower-case kebab ID.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/JobIdNaming/

MissingJobTimeout:
.github/workflows/ci.yml#L15
Job[setup-and-lint] is missing `timeout-minutes`.
For more information, see the online documentation: https://ghlint.twisterrob.net/issues/default/MissingJobTimeout/

analyze-ci / ghlint
No files were found with the provided path: . No artifacts will be uploaded.

Artifacts
Produced during runtime
Name | Size | |
---|---|---|
zizmor_antipattern_report.zip (Expired) | 23.5 KB | |