Paolo Tranquilli e807545591 Remove false positive docker/build-push-action context sink model ...

The `context` input is passed as a single array element through
`docker/actions-toolkit` and `@actions/exec` all the way to
`child_process.spawn()`, which does not perform shell splitting.
No code injection is possible.

Fixes https://github.com/github/codeql/issues/21428

2026-03-26 09:08:34 +01:00

..

config

actions: add some missing permissions

2025-05-14 17:28:54 +01:00

generated

Move into actions subdirectory to prepare for migration to github/codeql

2024-12-18 14:35:15 -05:00

manual

Remove false positive docker/build-push-action context sink model

2026-03-26 09:08:34 +01:00