| - name: Upload files to release | ||
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.publish }} | ||
| uses: svenstaro/upload-release-action@v2 | ||
| uses: svenstaro/upload-release-action@b98a3b12e86552593f3e4e577ca8a62aa2f3f22b # v2 |
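Review bot: The trailing comment on the new `uses:` line records only the moving major tag (`# v2`), so a reader cannot tell which release the hash `b98a3b12e86552593f3e4e577ca8a62aa2f3f22b` was taken from without resolving it upstream. Record the exact release tag the commit corresponds to (as the Poetry step below does with `# v1.4.1`) so the pin can be audited against the upstream release and bumped deliberately; the SHA itself is what the runner enforces, so the comment is documentation for reviewers, not a constraint.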
❗Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium
Description: Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.
Cycode Remediation Guideline:
- Restrict: Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used. To do this, click on "Take Action".
- Accept and Control: Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc. To do this, use Cycode Knowledge Graph.
- Avoid: Disable GitHub Actions completely for this repository. To do this from Cycode, enable the policy "Excessive repository permissions for using GitHub actions" and "Take Action" on its detected violations.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_insecure_pipeline_violation_everywhere <reason> | Applies to this resource for this violation for all requests in your repository |
| #cycode_ignore_insecure_pipeline_violation_here <reason> | Applies to this resource for this violation in this request only |
| - name: Setup Poetry | ||
| if: steps.cached-poetry.outputs.cache-hit != 'true' | ||
| uses: snok/install-poetry@v1 | ||
| uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1 |
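Review bot: The pin to `76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1` is the right shape, but nothing in the workflow checks that the comment is truthful; before merging, confirm on the upstream repository that this commit is the one the `v1.4.1` tag points at, since a mismatched comment would mislead anyone later reviewing or bumping the pin.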
❗Cycode: Insecure CI/CD pipeline configuration issue: 'GitHub workflows use uncertified CI/CD modules'.
Severity: Medium
Description: Enable this policy to be notified if your CI/CD workflows use reusable modules that are not certified by the service provider or created by a verified partner.
Cycode Remediation Guideline:
- Restrict: Do not allow the use of uncertified modules in this workflow, or in any workflow of this repository. After this action has been applied, the workflow cannot run anymore, and new uncertified modules cannot be used. To do this, click on "Take Action".
- Accept and Control: Map out the different modules that are used by workflows and evaluate their risk by examining their creator credibility, usage context, version etc. To do this, use Cycode Knowledge Graph.
- Avoid: Disable GitHub Actions completely for this repository. To do this from Cycode, enable the policy "Excessive repository permissions for using GitHub actions" and "Take Action" on its detected violations.
Tell us how you wish to proceed using one of the following commands:
| Tag | Short Description |
|---|---|
| #cycode_ignore_insecure_pipeline_violation_everywhere <reason> | Applies to this resource for this violation for all requests in your repository |
| #cycode_ignore_insecure_pipeline_violation_here <reason> | Applies to this resource for this violation in this request only |
| - name: Setup Poetry | ||
| if: steps.cached_poetry.outputs.cache-hit != 'true' | ||
| uses: snok/install-poetry@v1 | ||
| uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1 |
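Review bot: The `if:` context line in this hunk references `steps.cached_poetry.outputs.cache-hit` (underscore) while the other Setup Poetry steps in this pull request reference `steps.cached-poetry.outputs.cache-hit` (hyphen). Check that a step with `id: cached_poetry` actually exists in this workflow file: if it does not, the expression evaluates against an empty value, `'' != 'true'` is always true, and Poetry is reinstalled on every run with the cache silently never used. If the step id really is `cached-poetry` here as well, the condition should be changed to match.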
No description provided.