❌ Linted [REPOSITORY] files with [kics]: Found 1 error(s) - (40.1s) (expand for details)
- Using [kics v1.7.10] https://megalinter.io/7.5.0/descriptors/repository_kics
- MegaLinter key: [REPOSITORY_KICS]
- Rules config: identified by [kics]
--Error detail:
Scanning with Keeping Infrastructure as Code Secure v1.7.10
Files scanned: 9
Parsed files: 9
Queries loaded: 296
Queries failed to execute: 0
------------------------------------
Unpinned Actions Full Length Commit SHA, Severity: MEDIUM, Results: 1
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9
[1]: .github/workflows/mega-linter.yaml:75
074:
075: uses: oxsecurity/megalinter/flavors/[email protected]
076:
Results Summary:
HIGH: 0
MEDIUM: 1
LOW: 0
INFO: 0
TOTAL: 1
Scan duration: 39.132893576s
vorburger changed the title from "bug(<scope>): docs.kics.io/latest/queries/cicd-queries/... 404 File not found" to "bug(scan): docs.kics.io/latest/queries/cicd-queries/... 404 File not found" on Nov 1, 2023
https://github.com/www-learn-study/saraswati.learn.study/actions/runs/6713569038/job/18245340655
which uses Kics via https://github.com/oxsecurity/megalinter,
failed like this:
However https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9 is 404 File not found.
Not a huge blocking issue, of course; but just wanted to let you know, in case you want to fix this.