Skip to content

fix: sql serverless config; clusters lifecycle rule removed #4

fix: sql serverless config; clusters lifecycle rule removed

fix: sql serverless config; clusters lifecycle rule removed #4

Triggered via pull request March 14, 2024 12:23
Status Success
Total duration 59s
Artifacts

kics_sec_scan.yml

on: pull_request
Run security KICS scaner
50s
Run security KICS scaner
Fit to window
Zoom out
Zoom in

Annotations

11 warnings
Run security KICS scaner
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
[HIGH] Passwords And Secrets - Generic Secret: mount.tf#L14
Query to find passwords and secrets in infrastructure code.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/kics_sec_scan.yml#L18
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L24
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L54
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L39
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pr-validate.yml#L15
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L75
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L46
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/pre-commit.yml#L72
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/release.yml#L28
Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.