[static-analysis] Report - 2026-06-11 #38525

@github-actions

Analysis Summary

Daily static analysis of 245 workflows with four tools. Findings are fully stable — identical to 2026-06-10 (grand total 1,926, Δ 0): no new security issues, regressions, or new rule+file combos. 0 issues created for runner-guard — every High finding maps to an already-closed static-analysis issue (verified via GitHub search); the only open one is yesterday's report #38292.

  • Tools: zizmor, poutine, actionlint, runner-guard v2.6.0
  • Total: 1,926 (zizmor 537 · poutine 24 · actionlint 1,049 · runner-guard 316)
  • Scanned: 245 · Affected (runner-guard): 17 · Compilation: ✅ 0 errors, 81 warnings

| Tool | Total | High | Medium | Low | Info |
|---|---|---|---|---|---|
| zizmor (security) | 537 | 1 | 2 | 31 | 503 |
| poutine (supply chain) | 24 | 0 | 0 | 12 err | 12 note |
| actionlint (linting) | 1,049 | | | | |
| runner-guard (taint) | 316 | 305 | 11 | 0 | 0 |

Top Priority Issues

  1. RGS-004 — Comment-Triggered Workflow w/o Author Auth Check (runner-guard, High, ×289) in q.lock.yml (118), dev-hawk.lock.yml (87), ai-moderator.lock.yml (84). Comment-triggered workflows with secrets/write perms lacking an author_association check. Auto-generated lock patterns; all map to closed [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check #29883/[static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check (16 workflows) #30284/[static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check #30077.
  2. RGS-012 — Secret Exfiltration via Outbound HTTP (High, ×10) in daily-model-inventory(4), visual-regression-checker(2), daily-byok-ollama-test(2), docs-noob-tester(1), daily-multi-device-docs-tester(1). All closed [static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-byok-ollama-test.lock.yml #35652/[static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-multi-device-docs-tester.lock.yml #33477/[static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-model-inventory #30079/[static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in docs/visual workflows #29885/[static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in visual-regression-checker.lock.yml #30947/[static-analysis] RGS-012: Secret Exfiltration via Outbound HTTP Request in daily-model-inventory.lock.yml #30776.
  3. RGS-018 — Suspicious Payload Execution (High, ×6) in smoke-codex, smoke-claude, daily-sentrux-report, daily-cli-performance, daily-byok-ollama-test, copilot-setup-steps.yml — mostly curl ... | bash installers. All closed [static-analysis] RGS-018: Suspicious Payload Execution Pattern in daily-byok-ollama-test.lock.yml #35653/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in copilot-setup-steps.yml #33476/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in 36 workflows #29461/[static-analysis] RGS-018: Suspicious Payload Execution Pattern (34 workflows) #30532/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in multiple workflows #30078/[static-analysis] RGS-018: Suspicious Payload Execution Pattern in multiple workflows #30777.
  4. zizmor github-env (High) dev-hawk.lock.yml:1719 — persistent ~20th day; carries a zizmor: ignore comment but still flagged.

Clustered Findings

Zizmor: template-injection 502 Info (the "Execute GitHub Copilot CLI" step across ~244/245 workflows) + 3 Low · obfuscation 28 Low · excessive-permissions 1 Med (dependabot-repair:381) · artipacked 1 Med (daily-geo-optimizer:1519) · superfluous-actions 1 Info · github-env 1 High.

Poutine: untrusted_checkout_exec 12 err (dependabot-worker, smoke-workflow-call±inputs; gh-aw # poutine:ignore annotated) · github_action_from_unverified_creator_used 8 · unverified_script_exec 3 · pr_runs_on_self_hosted 1 (smoke-copilot-arm).

Actionlint: shellcheck 504 · syntax-check 406 · permissions 117 · expression 22. The 117 permission errors are dominated by unknown permission scope "copilot-requests" — an actionlint catalog gap for a valid gh-aw scope, not a real defect.

Runner-Guard (305 High / 11 Medium; no score/grade emitted by this version)

| Rule | Name | Sev | Count | Distinct files |
|---|---|---|---|---|
| RGS-004 | Comment-Triggered w/o Author Auth | High | 289 | q, dev-hawk, ai-moderator |
| RGS-012 | Secret Exfiltration via Outbound HTTP | High | 10 | daily-model-inventory, visual-regression-checker, daily-byok-ollama-test, docs-noob-tester, daily-multi-device-docs-tester |
| RGS-018 | Suspicious Payload Execution | High | 6 | smoke-codex, smoke-claude, daily-sentrux-report, daily-cli-performance, daily-byok-ollama-test, copilot-setup-steps.yml |
| RGS-005 | Excessive Permissions on Untrusted Trigger | Med | 8 | ai-moderator, q, agentic_commands.yml |
| RGS-019 | Step Output Interpolated in run Block | Med | 2 | error-message-lint.yml, windows-cli-integration.yml |
| RGS-007 | Unpinned Third-Party Action (Mutable Tag) | Med | 1 | aoai-endpoint-smoke-test.yml (azure/login@v2) |

Issues created: none. All High findings map to closed static-analysis issues — per dedup policy (closed rule+file → skip) and meta-issue #31043, no duplicates filed; no open issue to comment on.

Fix Suggestion — RGS-004 (High, 289 occurrences)

Findings are on auto-generated .lock.yml; fix the source .md / gh-aw compiler / scanner allowlist, not the lock file.

Prompt to Copilot Agent: Comment-triggered workflows (issue_comment/pull_request_review_comment/workflow_run) with secrets or write permissions must gate privileged jobs on author authorization. (1) Check whether gh-aw already injects a command/author-association guard in the activation job. (2) If yes, add a scanner allowlist entry for the generated guard to suppress the false positive. (3) If no, add if: contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association) to the privileged job. Apply to source q.md, dev-hawk.md, ai-moderator.md.

Historical Trends

| Date | zizmor | poutine | actionlint | runner-guard | Total |
|---|---|---|---|---|---|
| 2026-06-07 | 75 | 24 | 1,497 | 314 | 1,910 |
| 2026-06-09 | 74 | 24 | 1,524 | 314 | 1,936 |
| 2026-06-10 | 537 | 24 | 1,049 | 316 | 1,926 |
| 2026-06-11 | 537 | 24 | 1,049 | 316 | 1,926 |

Change vs previous: 0 (±0.0%). No new/resolved issue types. The 2026-06-10 swing (zizmor template-injection 74→537; actionlint shellcheck 975→504) is now confirmed stable for a 2nd day — a compiler output change, not a transient anomaly.

Recommendations

  1. Investigate the compiler output change behind the template-injection surge / shellcheck drop (stable 2 days) — confirm it is intended.
  2. Resolve the persistent High github-env in dev-hawk.lock.yml:1719 — refine the zizmor: ignore scope or the generated env-file usage.
  3. Teach actionlint the copilot-requests permission scope to clear the bulk of the 117 permission errors.
  4. Long-term: handle recurring RGS-004/012/018 lock-file patterns at the gh-aw compiler / scanner-allowlist level (per [deep-report] Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule) #31043), not via per-run issues.

References: §27327716946

Generated by 📊 Static Analysis Report · 268.9 AIC · ⌖ 26 AIC · ⊞ 5.6K ·

  • expires on Jun 17, 2026, 10:26 PM UTC-08:00
