SonarCloud: GitHub Actions / dependency hardening
13 open SonarCloud finding(s) in petry-projects/.github, worst severity MAJOR. Generated by the org SonarCloud Audit.
View in SonarCloud →
Findings
| Rule |
Count |
Representative message |
| githubactions:S8541 |
5 |
Omitting "--only-binary :all:" can lead to the execution of setup scripts. Make sure it is |
| githubactions:S8544 |
3 |
Using dependencies without locking resolved versions is security-sensitive. |
| githubactions:S6505 |
2 |
"npx" can install packages on-demand and run their lifecycle scripts. |
| githubactions:S8545 |
2 |
Dependency versions are not predictable. Use a lock-file enforcing command instead. |
| githubactions:S8543 |
1 |
Define exact package version to avoid installing unverified releases. |
Affected files
.github/workflows/ci.yml (4)
.github/workflows/dependency-audit-reusable.yml (2)
.github/workflows/dependency-audit.yml (2)
.github/workflows/feature-ideation-reusable.yml (2)
.github/workflows/feature-ideation-tests.yml (2)
.github/workflows/agent-shield-reusable.yml (1)
Priority
Labeled priority:major — mapped from this bucket's worst SonarCloud severity (MAJOR).
Acceptance
Idempotent issue — updated automatically each audit run; auto-closed when the finding count reaches zero.
SonarCloud: GitHub Actions / dependency hardening
13 open SonarCloud finding(s) in
petry-projects/.github, worst severity MAJOR. Generated by the org SonarCloud Audit.View in SonarCloud →
Findings
Affected files
.github/workflows/ci.yml(4).github/workflows/dependency-audit-reusable.yml(2).github/workflows/dependency-audit.yml(2).github/workflows/feature-ideation-reusable.yml(2).github/workflows/feature-ideation-tests.yml(2).github/workflows/agent-shield-reusable.yml(1)Priority
Labeled
priority:major— mapped from this bucket's worst SonarCloud severity (MAJOR).Acceptance
NOSONARunless a confirmed false positive, noted inline)Idempotent issue — updated automatically each audit run; auto-closed when the finding count reaches zero.