From f7162228012cb27341f759c9d05fdeb3c554bba0 Mon Sep 17 00:00:00 2001
From: Kylie Stradley <4666485+KyFaSt@users.noreply.github.com>
Date: Thu, 24 Oct 2024 16:27:53 -0400
Subject: [PATCH] remove octokit from trusted orgs for now - reduce PR scope
---
 ql/src/Security/CWE-829/UnpinnedActionsTag.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ql/src/Security/CWE-829/UnpinnedActionsTag.ql b/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
index 2111cc118a9..10c21bc368b 100644
--- a/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
+++ b/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
@@ -18,7 +18,7 @@ private predicate isPinnedCommit(string version) { version.regexpMatch("^[A-Fa-f
 bindingset[repo]
 private predicate isTrustedOrg(string repo) {
- exists(string org | org in ["actions", "github", "advanced-security", "octokit"] | repo.matches(org + "/%"))
+ exists(string org | org in ["actions", "github", "advanced-security"] | repo.matches(org + "/%"))
 }
 from UsesStep uses, string repo, string version, Workflow workflow, string name
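Review bot: The shortened allowlist on the `+` line carries no explanation of why these three owners are exempt, so a later contributor cannot tell whether `octokit` was dropped for a reason or only to keep this PR small; the commit message says "for now" but that rationale never reaches the code. A QLDoc on `isTrustedOrg` would record the criterion, e.g. `/** Holds if `repo` is owned by an organization whose actions may be referenced by mutable tag. Keep this list minimal: presumably a match suppresses the CWE-829 result for that step — confirm against the where clause. */`; the `where` clause that consumes this predicate lies outside the hunk, hence the hedge. Separately, `matches` treats `%` and `_` inside `org` as wildcards and compares case-sensitively, which is harmless for the three literal owners listed but worth a one-line comment if the list is expected to grow.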