Add models for reusable workflows sinks

2026-01-09 12:40:25 +01:00 · 2024-04-11 11:25:54 +02:00
parent ae84303fac
commit 83f9527cc4
281 changed files with 2322 additions and 0 deletions
--- a/ql/lib/ext/generated/reusable-workflows/0xpolygon_polygon-edge.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/0xpolygon_polygon-edge.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["0xpolygon/polygon-edge/.github/workflows/loadtest.yml", "*", "inputs.scenario", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/8vim_8vim.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/8vim_8vim.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["8vim/8vim/.github/workflows/publish.yaml", "*", "inputs.version_code", "code-injection", "generated"]
+     - ["8vim/8vim/.github/workflows/publish.yaml", "*", "inputs.version_name", "code-injection", "generated"]
+     - ["8vim/8vim/.github/workflows/bump-version.yaml", "*", "inputs.message", "code-injection", "generated"]
+     - ["8vim/8vim/.github/workflows/build.yaml", "*", "inputs.target", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/actions_reusable-workflows.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/actions_reusable-workflows.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.base-pr-branch", "code-injection", "generated"]
+     - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.head-pr-branch", "code-injection", "generated"]
+     - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.reference-files", "code-injection", "generated"]
+     - ["actions/reusable-workflows/.github/workflows/update-config-files.yml", "*", "inputs.target-folder", "code-injection", "generated"]
+     - ["actions/reusable-workflows/.github/workflows/codeql-analysis.yml", "*", "inputs.build-command", "code-injection", "generated"]
+     - ["actions/reusable-workflows/.github/workflows/check-dist.yml", "*", "inputs.dist-path", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/adap_flower.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/adap_flower.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.namespace-repository", "code-injection", "generated"]
+     - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.file-dir", "code-injection", "generated"]
+     - ["adap/flower/.github/workflows/_docker-build.yml", "*", "inputs.build-args", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/aio-libs_multidict.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/aio-libs_multidict.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["aio-libs/multidict/.github/workflows/reusable-build-wheel.yml", "*", "inputs.wheel-tags-to-skip", "code-injection", "generated"]
+     - ["aio-libs/multidict/.github/workflows/reusable-build-wheel.yml", "*", "inputs.qemu", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/aio-libs_yarl.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/aio-libs_yarl.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["aio-libs/yarl/.github/workflows/reusable-build-wheel.yml", "*", "inputs.wheel-tags-to-skip", "code-injection", "generated"]
+     - ["aio-libs/yarl/.github/workflows/reusable-build-wheel.yml", "*", "inputs.qemu", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/airbytehq_airbyte.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/airbytehq_airbyte.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["airbytehq/airbyte/.github/workflows/connector-performance-command.yml", "*", "inputs.connector", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/alphagov_collections.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/alphagov_collections.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["alphagov/collections/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/alphagov_frontend.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/alphagov_frontend.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["alphagov/frontend/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/alphagov_publishing-api.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/alphagov_publishing-api.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["alphagov/publishing-api/.github/workflows/pact-verify.yml", "*", "inputs.pact_artifact_file_to_verify", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/apache_druid.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/apache_druid.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.module", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.jdk", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-unit-tests.yml", "*", "inputs.sql_compatibility", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.override_config_path", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.testing_groups", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.use_indexer", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-standard-its.yml", "*", "inputs.runtime_jdk", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.it", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.script", "code-injection", "generated"]
+     - ["apache/druid/.github/workflows/reusable-revised-its.yml", "*", "inputs.build_jdk", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/apache_flink.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/apache_flink.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["apache/flink/.github/workflows/template.flink-ci.yml", "*", "inputs.environment", "code-injection", "generated"]
+     - ["apache/flink/.github/workflows/template.flink-ci.yml", "*", "inputs.workflow-caller-id", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/apache_spark.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/apache_spark.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["apache/spark/.github/workflows/build_and_test.yml", "*", "inputs.branch", "code-injection", "generated"]
+     - ["apache/spark/.github/workflows/build_and_test.yml", "*", "inputs.jobs", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/argilla-io_argilla.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/argilla-io_argilla.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["argilla-io/argilla/.github/workflows/run-python-tests.yml", "*", "inputs.pytestArgs", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/argoproj_argo-cd.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-cd.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.docker_image_name", "code-injection", "generated"]
+     - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.ghcr_image_name", "code-injection", "generated"]
+     - ["argoproj/argo-cd/.github/workflows/image-reuse.yaml", "*", "inputs.quay_image_name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/argoproj_argo-rollouts.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/argoproj_argo-rollouts.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.docker_image_name", "code-injection", "generated"]
+     - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.ghcr_image_name", "code-injection", "generated"]
+     - ["argoproj/argo-rollouts/.github/workflows/image-reuse.yaml", "*", "inputs.quay_image_name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/aws-amplify_amplify-ui.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/aws-amplify_amplify-ui.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["aws-amplify/amplify-ui/.github/workflows/reusable-tagged-publish.yml", "*", "inputs.dist-tag", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/azure_apiops.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/azure_apiops.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["azure/apiops/tools/github_workflows/run-publisher-with-env.yaml", "*", "inputs.API_MANAGEMENT_SERVICE_OUTPUT_FOLDER_PATH", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/azure_mlops-templates.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/azure_mlops-templates.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["azure/mlops-templates/.github/workflows/tf-gha-install-terraform.yml", "*", "inputs.terraform_workingdir", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.parameters-file", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.workspace_name", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/run-pipeline.yml", "*", "inputs.resource_group", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.dockerfile-location", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.environment_file", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.workspace_name", "code-injection", "generated"]
+     - ["azure/mlops-templates/.github/workflows/register-environment.yml", "*", "inputs.resource_group", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bbq-beets_avocaddo-cmw.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_avocaddo-cmw.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-email", "code-injection", "generated"]
+     - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-name", "code-injection", "generated"]
+     - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.track", "code-injection", "generated"]
+     - ["bbq-beets/avocaddo-cmw/.github/workflows/mobile-ci-cd.yml", "*", "inputs.package-name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bbq-beets_mobile-ci-cd.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_mobile-ci-cd.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-email", "code-injection", "generated"]
+     - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.git-user-name", "code-injection", "generated"]
+     - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.track", "code-injection", "generated"]
+     - ["bbq-beets/mobile-ci-cd/.github/workflows/mobile-ci-cd.yml", "*", "inputs.package-name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bbq-beets_yujincat-action.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bbq-beets_yujincat-action.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bbq-beets/yujincat-action/.github/workflows/test-referInputs.yml", "*", "inputs.shell", "code-injection", "generated"]
+     - ["bbq-beets/yujincat-action/.github/workflows/test-referInputs.yml", "*", "inputs.environment", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bdunderscore_modular-avatar.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bdunderscore_modular-avatar.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bdunderscore/modular-avatar/.github/workflows/build-test-docs.yml", "*", "inputs.path", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/benc-uk_workflow-dispatch.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/benc-uk_workflow-dispatch.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["benc-uk/workflow-dispatch/.github/workflows/echo-3.yaml", "*", "inputs.message", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bridgecrewio_checkov.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bridgecrewio_checkov.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.REGISTRY", "code-injection", "generated"]
+     - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.IMAGE_NAME", "code-injection", "generated"]
+     - ["bridgecrewio/checkov/tests/github_actions/resources/.github/workflows/docker-slsa.yaml", "*", "inputs.IMAGE_TAG", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bugsnag_bugsnag-ruby.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bugsnag_bugsnag-ruby.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bugsnag/bugsnag-ruby/.github/workflows/run-maze-runner.yml", "*", "inputs.features", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/bytecodealliance_wasm-micro-runtime.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/bytecodealliance_wasm-micro-runtime.model.yml
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.the_path", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.last_commit", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.binary_name_stem", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamrc.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamrc.yml", "*", "inputs.runner", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_vscode_ext.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.runner", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.config_file", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.wasi_sdk_url", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_sdk.yml", "*", "inputs.wamr_app_framework_url", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.runner", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_wamr_lldb.yml", "*", "inputs.wasi_sdk_url", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_llvm_libraries.yml", "*", "inputs.arch", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_llvm_libraries.yml", "*", "inputs.os", "code-injection", "generated"]
+     - ["bytecodealliance/wasm-micro-runtime/.github/workflows/build_iwasm_release.yml", "*", "inputs.ver_num", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/celo-org_celo-blockchain.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/celo-org_celo-blockchain.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["celo-org/celo-blockchain/.github/workflows/add-docker-tag.yaml", "*", "inputs.destination-tag", "code-injection", "generated"]
+     - ["celo-org/celo-blockchain/.github/workflows/add-docker-tag.yaml", "*", "inputs.origin-tag", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cemu-project_cemu.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cemu-project_cemu.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cemu-project/cemu/.github/workflows/build.yml", "*", "inputs.experimentalversion", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cesiumgs_cesium-unreal.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cesiumgs_cesium-unreal.model.yml
@@ -0,0 +1,29 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cesiumgs/cesium-unreal/.github/workflows/testWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testWindows.yml", "*", "inputs.test-package-base-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.unreal-engine-association", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.test-package-base-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.visual-studio-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/testPackageOnWindows.yml", "*", "inputs.visual-studio-components", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildiOS.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-generator", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-platform", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.cmake-toolchain", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.extra-choco-packages", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.visual-studio-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildWindows.yml", "*", "inputs.visual-studio-components", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.unreal-program-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildMac.yml", "*", "inputs.upload-package-base-name", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildLinux.yml", "*", "inputs.unreal-engine-version", "code-injection", "generated"]
+     - ["cesiumgs/cesium-unreal/.github/workflows/buildLinux.yml", "*", "inputs.clang-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cgal_cgal.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cgal_cgal.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cgal/cgal/.github/workflows/send_email.yml", "*", "inputs.message", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/checkstyle_checkstyle.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/checkstyle_checkstyle.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["checkstyle/checkstyle/.github/workflows/release-upload-all-jar.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-update-xdoc-with-releasenotes.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-update-github-page.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-update-github-io.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-publish-releasenotes-twitter.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-new-milestone-and-issues-in-other-repos.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-maven-prepare.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-maven-perform.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["checkstyle/checkstyle/.github/workflows/release-copy-github-io-to-sourceforge.yml", "*", "inputs.version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/chia-network_actions.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/chia-network_actions.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["chia-network/actions/.github/workflows/docker-build.yaml", "*", "inputs.docker-context", "code-injection", "generated"]
+     - ["chia-network/actions/.github/workflows/docker-build.yaml", "*", "inputs.image_subpath", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/chipsalliance_chisel.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/chipsalliance_chisel.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["chipsalliance/chisel/.github/workflows/test.yml", "*", "inputs.scala", "code-injection", "generated"]
+     - ["chipsalliance/chisel/.github/workflows/test.yml", "*", "inputs.circt", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/clickhouse_clickhouse.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/clickhouse_clickhouse.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.test_name", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.run_command", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.working-directory", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_test.yml", "*", "inputs.additional_envs", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.test_name", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.run_command", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.working-directory", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_simple_job.yml", "*", "inputs.additional_envs", "code-injection", "generated"]
+     - ["clickhouse/clickhouse/.github/workflows/reusable_docker.yml", "*", "inputs.set_latest", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cloudfoundry_cli.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cloudfoundry_cli.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cloudfoundry/cli/.github/workflows/tests-integration-reusable.yml", "*", "inputs.os", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cocotb_cocotb.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cocotb_cocotb.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.nox_session_test_sim", "code-injection", "generated"]
+     - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.nox_session_test_nosim", "code-injection", "generated"]
+     - ["cocotb/cocotb/.github/workflows/regression-tests.yml", "*", "inputs.group", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/codeigniter4_codeigniter4.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/codeigniter4_codeigniter4.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["codeigniter4/codeigniter4/.github/workflows/reusable-serviceless-phpunit-test.yml", "*", "inputs.extra-composer-options", "code-injection", "generated"]
+     - ["codeigniter4/codeigniter4/.github/workflows/reusable-serviceless-phpunit-test.yml", "*", "inputs.php-version", "code-injection", "generated"]
+     - ["codeigniter4/codeigniter4/.github/workflows/reusable-phpunit-test.yml", "*", "inputs.extra-composer-options", "code-injection", "generated"]
+     - ["codeigniter4/codeigniter4/.github/workflows/reusable-phpunit-test.yml", "*", "inputs.php-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/com-lihaoyi_mill.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/com-lihaoyi_mill.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["com-lihaoyi/mill/.github/workflows/run-mill-action.yml", "*", "inputs.millargs", "code-injection", "generated"]
+     - ["com-lihaoyi/mill/.github/workflows/run-mill-action.yml", "*", "inputs.buildcmd", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cosmos_ibc-go.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cosmos_ibc-go.model.yml
@@ -0,0 +1,17 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.upgrade-plan-name", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-upgrade-tag", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-type", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-tag", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.relayer-image", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-b-tag", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-a-tag", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.chain-image", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.test", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-test-workflow-call.yml", "*", "inputs.test-entry-point", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-compatibility-workflow-call.yaml", "*", "inputs.test-suite", "code-injection", "generated"]
+     - ["cosmos/ibc-go/.github/workflows/e2e-compatibility-workflow-call.yaml", "*", "inputs.test-file-directory", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/crowdsecurity_crowdsec.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/crowdsecurity_crowdsec.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["crowdsecurity/crowdsec/.github/workflows/publish-docker.yml", "*", "inputs.latest", "code-injection", "generated"]
+     - ["crowdsecurity/crowdsec/.github/workflows/publish-docker.yml", "*", "inputs.image_version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/cryptomator_cryptomator.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/cryptomator_cryptomator.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["cryptomator/cryptomator/.github/workflows/get-version.yml", "*", "inputs.version", "code-injection", "generated"]
+     - ["cryptomator/cryptomator/.github/workflows/av-whitelist.yml", "*", "inputs.url", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/daeuniverse_dae.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/daeuniverse_dae.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["daeuniverse/dae/.github/workflows/seed-build.yml", "*", "inputs.pr-number", "code-injection", "generated"]
+     - ["daeuniverse/dae/.github/workflows/seed-build.yml", "*", "inputs.build-type", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dafny-lang_dafny.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dafny-lang_dafny.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dafny-lang/dafny/.github/workflows/publish-release-reusable.yml", "*", "inputs.name", "code-injection", "generated"]
+     - ["dafny-lang/dafny/.github/workflows/publish-release-reusable.yml", "*", "inputs.tag_name", "code-injection", "generated"]
+     - ["dafny-lang/dafny/.github/workflows/integration-tests-reusable.yml", "*", "inputs.all_platforms", "code-injection", "generated"]
+     - ["dafny-lang/dafny/.github/workflows/integration-tests-reusable.yml", "*", "inputs.num_shards", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dagger_dagger.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dagger_dagger.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dagger/dagger/.github/workflows/_hack_make.yml", "*", "inputs.mage-targets", "code-injection", "generated"]
+     - ["dagger/dagger/.github/workflows/_hack_make.yml", "*", "inputs.dev-engine", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dash-industry-forum_dash.js.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dash-industry-forum_dash.js.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dash-industry-forum/dash.js/.github/workflows/deploy.yml", "*", "inputs.deploy_path", "code-injection", "generated"]
+     - ["dash-industry-forum/dash.js/.github/workflows/deploy.yml", "*", "inputs.envname", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-go.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-go.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["datadog/dd-trace-go/.github/workflows/smoke-tests.yml", "*", "inputs.go-libddwaf-ref", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-py.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/datadog_dd-trace-py.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["datadog/dd-trace-py/.github/workflows/lib-inject-publish.yml", "*", "inputs.ddtrace-version", "code-injection", "generated"]
+     - ["datadog/dd-trace-py/.github/workflows/build-and-publish-image.yml", "*", "inputs.context", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/datafuselabs_databend.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/datafuselabs_databend.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["datafuselabs/databend/.github/workflows/reuse.benchmark.yml", "*", "inputs.run_id", "code-injection", "generated"]
+     - ["datafuselabs/databend/.github/workflows/reuse.benchmark.yml", "*", "inputs.source_id", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-bigquery.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-bigquery.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.s3_bucket_name", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.build_script_path", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.env_setup_script_path", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.sha", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.package_test_command", "code-injection", "generated"]
+     - ["dbt-labs/dbt-bigquery/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-core.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-core.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"]
+     - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"]
+     - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"]
+     - ["dbt-labs/dbt-core/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-snowflake.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dbt-labs_dbt-snowflake.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.s3_bucket_name", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.build_script_path", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.nightly_release", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.test_run", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.env_setup_script_path", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.target_branch", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.sha", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.package_test_command", "code-injection", "generated"]
+     - ["dbt-labs/dbt-snowflake/.github/workflows/release.yml", "*", "inputs.version_number", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/decidim_decidim.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/decidim_decidim.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["decidim/decidim/.github/workflows/test_app.yml", "*", "inputs.test_command", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/defectdojo_django-defectdojo.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/defectdojo_django-defectdojo.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["defectdojo/django-defectdojo/.github/workflows/release-x-manual-helm-chart.yml", "*", "inputs.release_number", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dependencytrack_dependency-track.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dependencytrack_dependency-track.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dependencytrack/dependency-track/.github/workflows/_meta-build.yaml", "*", "inputs.app-version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/devexpress_testcafe.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/devexpress_testcafe.model.yml
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["devexpress/testcafe/.github/workflows/test-server.yml", "*", "inputs.test-script", "code-injection", "generated"]
+     - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.test-script", "code-injection", "generated"]
+     - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.display", "code-injection", "generated"]
+     - ["devexpress/testcafe/.github/workflows/test-functional.yml", "*", "inputs.matrix-jobs-count", "code-injection", "generated"]
+     - ["devexpress/testcafe/.github/workflows/test-client.yml", "*", "inputs.test-script", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dfhack_dfhack.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dfhack_dfhack.model.yml
@@ -0,0 +1,18 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dfhack/dfhack/.github/workflows/build-windows.yml", "*", "inputs.artifact-name", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-windows.yml", "*", "inputs.append-date-and-hash", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.artifact-name", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.append-date-and-hash", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.common-files", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.xml-dump-type-sizes", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.tests", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.docs", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.extras", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.stonesense", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.platform-files", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.launchdf", "code-injection", "generated"]
+     - ["dfhack/dfhack/.github/workflows/build-linux.yml", "*", "inputs.gcc-ver", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/docker_build-push-action.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/docker_build-push-action.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["docker/build-push-action/.github/workflows/.e2e-run.yml", "*", "inputs.id", "code-injection", "generated"]
+     - ["docker/build-push-action/.github/workflows/.e2e-run.yml", "*", "inputs.type", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/dragonwell-project_dragonwell11.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/dragonwell-project_dragonwell11.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["dragonwell-project/dragonwell11/.github/workflows/test.yml", "*", "inputs.platform", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/earthly_earthly.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/earthly_earthly.model.yml
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.BINARY", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.SUDO", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.TARGET_NAME", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.EXTRA_ARGS", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-target.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-main.yml", "*", "inputs.BINARY", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-wait-block-main.yml", "*", "inputs.SUDO", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.BINARY", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.SUDO", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.EXTRA_ARGS", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test.yml", "*", "inputs.TEST_TARGET", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BINARY", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.SUDO", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BINARY_COMPOSE", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.RUN_EARTHLY_TEST_ARGS", "code-injection", "generated"]
+     - ["earthly/earthly/.github/workflows/reusable-test-local.yml", "*", "inputs.BUILT_EARTHLY_PATH", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vert.x.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vert.x.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["eclipse-vertx/vert.x/.github/workflows/ci.yml", "*", "inputs.profile", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vertx-sql-client.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/eclipse-vertx_vertx-sql-client.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["eclipse-vertx/vertx-sql-client/.github/workflows/ci.yml", "*", "inputs.profile", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/elastic_elasticsearch-net.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/elastic_elasticsearch-net.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["elastic/elasticsearch-net/.github/workflows/release.yml", "*", "inputs.solution", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/element-hq_element-desktop.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/element-hq_element-desktop.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["element-hq/element-desktop/.github/workflows/build_windows.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["element-hq/element-desktop/.github/workflows/build_prepare.yaml", "*", "inputs.config", "code-injection", "generated"]
+     - ["element-hq/element-desktop/.github/workflows/build_prepare.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["element-hq/element-desktop/.github/workflows/build_macos.yaml", "*", "inputs.base-url", "code-injection", "generated"]
+     - ["element-hq/element-desktop/.github/workflows/build_macos.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["element-hq/element-desktop/.github/workflows/build_linux.yaml", "*", "inputs.version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/etcd-io_bbolt.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/etcd-io_bbolt.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["etcd-io/bbolt/.github/workflows/robustness_template.yaml", "*", "inputs.testTimeout", "code-injection", "generated"]
+     - ["etcd-io/bbolt/.github/workflows/robustness_template.yaml", "*", "inputs.count", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/etcd-io_etcd.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/etcd-io_etcd.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["etcd-io/etcd/.github/workflows/tests-template.yaml", "*", "inputs.arch", "code-injection", "generated"]
+     - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.scenario", "code-injection", "generated"]
+     - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.testTimeout", "code-injection", "generated"]
+     - ["etcd-io/etcd/.github/workflows/robustness-template.yaml", "*", "inputs.count", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/eventstore_eventstore.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/eventstore_eventstore.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["eventstore/eventstore/.github/workflows/build-reusable.yml", "*", "inputs.arch", "code-injection", "generated"]
+     - ["eventstore/eventstore/.github/workflows/build-container-reusable.yml", "*", "inputs.container-runtime", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/expensify_app.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/expensify_app.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["expensify/app/.github/workflows/e2ePerformanceTests.yml", "*", "inputs.PR_NUMBER", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/external-secrets_external-secrets.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/external-secrets_external-secrets.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["external-secrets/external-secrets/.github/workflows/publish.yml", "*", "inputs.image-tag", "code-injection", "generated"]
+     - ["external-secrets/external-secrets/.github/workflows/publish.yml", "*", "inputs.tag-suffix", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/facebook_create-react-app.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/facebook_create-react-app.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["facebook/create-react-app/.github/workflows/e2e-base.yml", "*", "inputs.testScript", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/facebookresearch_xformers.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/facebookresearch_xformers.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.aws_s3_cp_extra_args", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.s3_path", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.filter", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_s3.yml", "*", "inputs.artifact_tag", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.filter", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.artifact_tag", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_upload_pip.yml", "*", "inputs.pypirc", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_build.yml", "*", "inputs.cuda_short_version", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/wheels_build.yml", "*", "inputs.torch_version", "code-injection", "generated"]
+     - ["facebookresearch/xformers/.github/workflows/linters_reusable.yml", "*", "inputs.pre-script", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/falcosecurity_falco.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/falcosecurity_falco.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["falcosecurity/falco/.github/workflows/reusable_build_packages.yaml", "*", "inputs.build_type", "code-injection", "generated"]
+     - ["falcosecurity/falco/.github/workflows/reusable_build_packages.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["falcosecurity/falco/.github/workflows/reusable_test_packages.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["falcosecurity/falco/.github/workflows/reusable_test_packages.yaml", "*", "inputs.arch", "code-injection", "generated"]
+     - ["falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml", "*", "inputs.version", "code-injection", "generated"]
+     - ["falcosecurity/falco/.github/workflows/reusable_publish_packages.yaml", "*", "inputs.bucket_suffix", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/fastify_fastify.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/fastify_fastify.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["fastify/fastify/.github/workflows/citgm-package.yml", "*", "inputs.package", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/ferretdb_ferretdb.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/ferretdb_ferretdb.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["ferretdb/ferretdb/.github/workflows/_integration.yml", "*", "inputs.task", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/filecoin-project_venus.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/filecoin-project_venus.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["filecoin-project/venus/.github/workflows/common_go.yml", "*", "inputs.test_timeout", "code-injection", "generated"]
+     - ["filecoin-project/venus/.github/workflows/common_go.yml", "*", "inputs.log_level", "code-injection", "generated"]
+     - ["filecoin-project/venus/.github/workflows/common_build_upload.yml", "*", "inputs.bin_name", "code-injection", "generated"]
+     - ["filecoin-project/venus/.github/workflows/common_build_upload.yml", "*", "inputs.has_ffi", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/firebase_firebase-unity-sdk.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/firebase_firebase-unity-sdk.model.yml
@@ -0,0 +1,19 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.triggered_by_callable", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.package_version_number", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.base_branch", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/update_versions.yml", "*", "inputs.cpp_release_version", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.platforms", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.runIntegrationTests", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.apis", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.working_branch", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.release_label", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/package.yml", "*", "inputs.create_new_branch", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/build_windows.yml", "*", "inputs.apis", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/build_tvos.yml", "*", "inputs.apis", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/build_macos.yml", "*", "inputs.apis", "code-injection", "generated"]
+     - ["firebase/firebase-unity-sdk/.github/workflows/build_linux.yml", "*", "inputs.apis", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/flarum_framework.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/flarum_framework.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["flarum/framework/.github/workflows/REUSABLE_backend.yml", "*", "inputs.monorepo_tests", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/fluent_fluent-bit.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/fluent_fluent-bit.model.yml
@@ -0,0 +1,13 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["fluent/fluent-bit/.github/workflows/call-windows-unit-tests.yaml", "*", "inputs.unstable", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.the_path", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.last_commit", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/reuse_latest_release_binaries.yml", "*", "inputs.binary_name_stem", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamrc.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamrc.yml", "*", "inputs.runner", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamr_vscode_ext.yml", "*", "inputs.ver_num", "code-injection", "generated"]
+     - ["fluent/fluent-bit/lib/wasm-micro-runtime-WAMR-1.3.0/.github/workflows/build_wamr_sdk.yml", "*", "inputs.ver_num", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/flux-iac_tofu-controller.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/flux-iac_tofu-controller.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["flux-iac/tofu-controller/.github/workflows/targeted-test.yaml", "*", "inputs.pattern", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/flyteorg_flyte.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/flyteorg_flyte.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["flyteorg/flyte/.github/workflows/publish.yml", "*", "inputs.before-build", "code-injection", "generated"]
+     - ["flyteorg/flyte/.github/workflows/integration.yml", "*", "inputs.component", "code-injection", "generated"]
+     - ["flyteorg/flyte/.github/workflows/component_docker_build.yml", "*", "inputs.component", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/foundatiofx_foundatio.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/foundatiofx_foundatio.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.org", "code-injection", "generated"]
+     - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.solution", "code-injection", "generated"]
+     - ["foundatiofx/foundatio/.github/workflows/build-workflow.yml", "*", "inputs.compose-command", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/freecad_freecad.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/freecad_freecad.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["freecad/freecad/.github/workflows/sub_wrapup.yml", "*", "inputs.previousSteps", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/getpelican_pelican.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/getpelican_pelican.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.output-path", "code-injection", "generated"]
+     - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.settings", "code-injection", "generated"]
+     - ["getpelican/pelican/.github/workflows/github_pages.yml", "*", "inputs.requirements", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/getporter_porter.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/getporter_porter.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["getporter/porter/.github/workflows/build_pipelinesrelease_template.yml", "*", "inputs.registry", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-dart.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-dart.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["getsentry/sentry-dart/.github/workflows/analyze.yml", "*", "inputs.panaThreshold", "code-injection", "generated"]
+     - ["getsentry/sentry-dart/.github/workflows/analyze.yml", "*", "inputs.sdk", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-unity.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/getsentry_sentry-unity.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["getsentry/sentry-unity/.github/workflows/sdk.yml", "*", "inputs.target", "code-injection", "generated"]
+     - ["getsentry/sentry-unity/.github/workflows/android-smoke-test.yml", "*", "inputs.api-level", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/gitpod-io_gitpod.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/gitpod-io_gitpod.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["gitpod-io/gitpod/.github/workflows/jetbrains-auto-update-template.yml", "*", "inputs.productId", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/gittools_gitversion.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/gittools_gitversion.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["gittools/gitversion/.github/workflows/_artifacts_linux.yml", "*", "inputs.arch", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_magic-modules.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_magic-modules.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["googlecloudplatform/magic-modules/.github/workflows/build-downstream.yml", "*", "inputs.repo", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_nodejs-docs-samples.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/googlecloudplatform_nodejs-docs-samples.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["googlecloudplatform/nodejs-docs-samples/.github/workflows/test.yaml", "*", "inputs.path", "code-injection", "generated"]
+     - ["googlecloudplatform/nodejs-docs-samples/.github/workflows/test.yaml", "*", "inputs.name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/gravitational_teleport.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/gravitational_teleport.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["gravitational/teleport/.github/workflows/update-ami-ids.yaml", "*", "inputs.version", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/gravitl_netmaker.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/gravitl_netmaker.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["gravitl/netmaker/.github/workflows/publish-docker.yml", "*", "inputs.tag", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/h2oai_wave.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/h2oai_wave.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.build-version", "code-injection", "generated"]
+     - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.wave-app-name", "code-injection", "generated"]
+     - ["h2oai/wave/.github/workflows/wave-bundle-docker-build-publish.yaml", "*", "inputs.working-directory", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hadashia_vcontainer.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hadashia_vcontainer.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hadashia/vcontainer/.github/workflows/update-version-number.yaml", "*", "inputs.dry-run", "code-injection", "generated"]
+     - ["hadashia/vcontainer/.github/workflows/update-version-number.yaml", "*", "inputs.tag", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_boundary.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_boundary.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/boundary/.github/workflows/test-cli-ui_oss.yml", "*", "inputs.artifact-name", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_consul.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_consul.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/consul/.github/workflows/reusable-unit.yml", "*", "inputs.package-names-command", "code-injection", "generated"]
+     - ["hashicorp/consul/.github/workflows/reusable-unit.yml", "*", "inputs.go-test-flags", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-cdk.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-cdk.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/terraform-cdk/.github/workflows/unit.yml", "*", "inputs.package", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.gitUser", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.gitEmail", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.providerFqn", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.parallelConversionsPerDocument", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.parallelFileConversions", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.languages", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.cdktfRegistryDocsVersion", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.files", "code-injection", "generated"]
+     - ["hashicorp/terraform-cdk/.github/workflows/registry-docs-pr-based.yml", "*", "inputs.maxRunners", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-provider-tfe.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform-provider-tfe.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/terraform-provider-tfe/.github/workflows/jira-issue-sync.yml", "*", "inputs.issue-extra-fields", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_terraform.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.product-version", "code-injection", "generated"]
+     - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.package-name", "code-injection", "generated"]
+     - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.goarch", "code-injection", "generated"]
+     - ["hashicorp/terraform/.github/workflows/build-terraform-cli.yml", "*", "inputs.goos", "code-injection", "generated"]
--- a/ql/lib/ext/generated/reusable-workflows/hashicorp_vault.model.yml
+++ b/ql/lib/ext/generated/reusable-workflows/hashicorp_vault.model.yml
@@ -0,0 +1,16 @@
+extensions:
+  - addsTo:
+      pack: githubsecuritylab/actions-all
+      extensible: sinkModel
+    data:
+     - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.sample-max", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.sample-name", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.vault-edition", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-run-enos-scenario-matrix.yml", "*", "inputs.vault-version", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.name", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-run-acc-tests-for-path.yml", "*", "inputs.path", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.name", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.go-arch", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.binary-tests", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-go.yml", "*", "inputs.total-runners", "code-injection", "generated"]
+     - ["hashicorp/vault/.github/workflows/test-enos-scenario-ui.yml", "*", "inputs.storage_backend", "code-injection", "generated"]
--- a/Show More
+++ b/Show More