Expected Behavior
KICS should not detect rule "Unpinned Actions Full Length Commit SHA" when a relative path is used in the uses field in a GitHub Actions workflow.
Actual Behavior
The "Action is not pinned to a full length commit SHA." rule (555ab8f9-2001-455e-a077-f2d0f41e2fb9) shows as failed for the action at step relative-path, which has a relative path in the same repository.
Steps to Reproduce the Problem
Create a minimal GitHub Actions workflow (.github/workflows/sample.yml):
How are you?
Thanks for your contribution.
Just requested our AppSec team to review the issue.
Br,
João Martins
[ APPSEC-2397 ]
cw-alexcroteau changed the title from "bug(github_actions): github actions relative path detected as not pinned" to "bug(githubactions): github actions relative path detected as not pinned" on Mar 20, 2024
Scan command:
docker run -t -v $(pwd)/.github:/path checkmarx/kics:latest scan -p /path -o "/path/" --report-formats "json,sarif,html"
Specifications
(N/A if not applicable)
latest tag in Docker
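Added example, not from the issue or from the KICS project: a minimal Python checker that applies the intent of the "Unpinned Actions Full Length Commit SHA" rule to a constructed workflow. It flags actions whose ref is not a 40-character hex commit SHA, and exempts the two cases where SHA pinning cannot apply: same-repository actions referenced by a relative path (`./...`, the false positive reported above) and `docker://` image references. It goes slightly beyond the issue by also covering reusable workflows referenced with `@branch`. The workflow text, action names and the SHA are constructed placeholders, not values from the report.

```python
import re

# Constructed sample workflow (the issue's own YAML was not preserved on the
# page). It mixes a SHA-pinned action, the same-repo relative-path step from
# the report, a tag-pinned action, a docker:// image and a reusable workflow.
SAMPLE_WORKFLOW = """\
name: sample
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: relative-path
        uses: ./.github/actions/my-local-action
      - uses: actions/setup-node@v4
      - uses: docker://alpine:3.19
      - uses: octo-org/repo/.github/workflows/reusable.yml@main
"""

# Matches "uses: <value>" with or without a leading "- " list marker; the value
# may be quoted and is cut at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref: str) -> str:
    """Classify one uses: value as 'local', 'docker', 'pinned' or 'unpinned'."""
    if ref.startswith("./"):
        # Same-repository action: it ships with the commit being run, so
        # there is no external ref to pin. The rule must not fire here.
        return "local"
    if ref.startswith("docker://"):
        # Container image reference; commit-SHA pinning does not apply.
        return "docker"
    if "@" not in ref:
        # owner/repo with no ref at all resolves to the default branch.
        return "unpinned"
    _, _, version = ref.rpartition("@")
    # Tags and branches are mutable; only a full 40-hex SHA is immutable.
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def find_unpinned(workflow_text: str) -> list[str]:
    """Return the uses: values in a workflow that the rule should flag."""
    flagged = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m and classify_uses(m.group(1)) == "unpinned":
            flagged.append(m.group(1))
    return flagged


if __name__ == "__main__":
    for ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"not pinned to a full-length commit SHA: {ref}")
```

The relative-path step is skipped because it is classified before any ref parsing happens, which is the ordering a rule implementation needs: decide whether a reference is external at all before judging how it is pinned.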