hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-14 11:19:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update UnpinnedActionsTag query metadata scope

Browse Source 
Agent-Logs-Url: https://github.com/github/codeql/sessions/5425ff86-b998-4c7b-9447-52c8ae74a7a2

Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-04-20 11:01:57 +00:00
committed by GitHub
parent ca68274ec3
commit b2046034f1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Unpinned tag for a non-immutable Action in workflow
* @name Unpinned tag for a non-immutable Action in workflow or composite action
* @description Using a tag for a non-immutable Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
* @kind problem
* @security-severity 5.0