Security supply-chain scan #23
security.yml
on: schedule
Semgrep SAST
57s
OSV-Scanner deps
12s
Trivy filesystem
29s
Gitleaks secret scan
12s
jscpd duplication
18s
Generate SBOM (Syft)
22s
Annotations
1 error and 9 warnings
|
OSV-Scanner deps
Path does not exist: osv.sarif
|
|
OSV-Scanner deps
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
OSV-Scanner deps
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
OSV-Scanner deps
No files were found with the provided path: osv.sarif. No artifacts will be uploaded.
|
|
jscpd duplication
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
jscpd duplication
No files were found with the provided path: reports/jscpd. No artifacts will be uploaded.
|
|
Trivy filesystem
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Trivy filesystem
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Semgrep SAST
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065, github/codeql-action/upload-sarif@ce64ddcb0d8d890d2df4a9d1c04ff297367dea2a. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Semgrep SAST
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-sarif
Expired
|
6.2 KB |
sha256:36bcd2fcfc08efb597ccb9b1bb203af00df981fd42d80bf025cb1c3ce55c2fab
|
|
|
semgrep-sarif
Expired
|
184 KB |
sha256:6e1fce2f674e89e05dda3e1af4ac1fabf9e1de9eaa6f0cbb69c463d95b914e99
|
|
|
trivy-sarif
Expired
|
457 Bytes |
sha256:458442e284961f179be7b784d03221b6477f1f72cb489a93c5c137fb8985f643
|
|
|
vigil.spdx.json
|
2.52 KB |
sha256:6ea6c8c4bcbd09fa74aed9d7ecbcb25d476dc335c5d0e772c56bb570efc94db1
|
|