Add semgrep checks for pinned actions. #26

billnapier · 2025-03-31T20:14:43Z

This will look at all workflow files and look at:

uses: org/repo@v5

and encourage users to instead pin those to git commits.

This will look at all workflow files and look at: ``` uses: org/repo@v5 ``` and encourage users to instead pin those to git commits.

github-actions · 2025-03-31T20:15:11Z

PR Preview Action v1.6.0
Preview removed because the pull request was closed.
2025-03-31 21:03 UTC

semgrep-tests/actions/actions_need_pinned_commits.test.yaml

.github/workflows/markdown_format.yml

.github/workflows/publish_docs.yml

.github/workflows/publish_docs_preview.yml

.github/workflows/yaml_format.yml

semgrep-tests/actions/actions_need_pinned_commits.test.yaml

Add semgrep tests for pinned actions.

f4080b5

This will look at all workflow files and look at: ``` uses: org/repo@v5 ``` and encourage users to instead pin those to git commits.

github-advanced-security bot found potential problems Mar 31, 2025

View reviewed changes

semgrep-tests/actions/actions_need_pinned_commits.test.yaml Fixed Show fixed Hide fixed

semgrep-tests/actions/actions_need_pinned_commits.test.yaml Dismissed Show dismissed Hide dismissed

semgrep-tests/actions/actions_need_pinned_commits.test.yaml Dismissed Show dismissed Hide dismissed

billnapier added 2 commits March 31, 2025 20:16

Fix mdformat.

2145ea1

Use ratchet to pin all our action usage references.

e1be33a

billnapier changed the title ~~Add semgrep tests for pinned actions.~~ Add semgrep checks for pinned actions. Mar 31, 2025

github-advanced-security bot found potential problems Mar 31, 2025

View reviewed changes

billnapier added 2 commits March 31, 2025 20:21

Fix message to also include link to docs.

74634de

Add additional test case.

185ddcf

github-advanced-security bot found potential problems Mar 31, 2025

View reviewed changes

semgrep-tests/actions/actions_need_pinned_commits.test.yaml Dismissed Show dismissed Hide dismissed

Fix yaml format.

5cf2956

billnapier marked this pull request as ready for review March 31, 2025 20:30

billnapier requested a review from a team March 31, 2025 20:31

jessikad-google approved these changes Mar 31, 2025

View reviewed changes

Laptop765 approved these changes Mar 31, 2025

View reviewed changes

billnapier merged commit cf58e83 into master Mar 31, 2025
7 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add semgrep checks for pinned actions. #26

Add semgrep checks for pinned actions. #26

Uh oh!

billnapier commented Mar 31, 2025

Uh oh!

github-actions bot commented Mar 31, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Add semgrep checks for pinned actions. #26

Add semgrep checks for pinned actions. #26

Uh oh!

Conversation

billnapier commented Mar 31, 2025

Uh oh!

github-actions bot commented Mar 31, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

github-actions bot commented Mar 31, 2025 •

edited

Loading