Skip to content

Security supply-chain scan #23

Security supply-chain scan

Security supply-chain scan #23

Triggered via schedule June 29, 2026 10:14
Status Success
Total duration 1m 2s
Artifacts 4

security.yml

on: schedule
Semgrep SAST
57s
Semgrep SAST
OSV-Scanner deps
12s
OSV-Scanner deps
Trivy filesystem
29s
Trivy filesystem
Gitleaks secret scan
12s
Gitleaks secret scan
jscpd duplication
18s
jscpd duplication
Generate SBOM (Syft)
22s
Generate SBOM (Syft)
Fit to window
Zoom out
Zoom in

Annotations

1 error and 9 warnings
OSV-Scanner deps
Path does not exist: osv.sarif
OSV-Scanner deps
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
OSV-Scanner deps
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
OSV-Scanner deps
No files were found with the provided path: osv.sarif. No artifacts will be uploaded.
jscpd duplication
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
jscpd duplication
No files were found with the provided path: reports/jscpd. No artifacts will be uploaded.
Trivy filesystem
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Trivy filesystem
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Semgrep SAST
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065, github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Semgrep SAST
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Artifacts

Produced during runtime
Name Size Digest
gitleaks-sarif Expired
6.2 KB
sha256:36bcd2fcfc08efb597ccb9b1bb203af00df981fd42d80bf025cb1c3ce55c2fab
semgrep-sarif Expired
184 KB
sha256:6e1fce2f674e89e05dda3e1af4ac1fabf9e1de9eaa6f0cbb69c463d95b914e99
trivy-sarif Expired
457 Bytes
sha256:458442e284961f179be7b784d03221b6477f1f72cb489a93c5c137fb8985f643
vigil.spdx.json
2.52 KB
sha256:6ea6c8c4bcbd09fa74aed9d7ecbcb25d476dc335c5d0e772c56bb570efc94db1