feat(githubactions): ignore official/known actions #6971
Labels: community (Community contribution), docker (Docker query), feature request (Community: new feature request), query (New query feature)
Is your feature request related to a problem? Please describe.
As a Kics user, I encounter challenges when dealing with the “Unpinned Actions Full Length Commit SHA” query. While pinning actions is essential for security, there are scenarios where certain actions can be trusted without the need for manual pinning. Specifically, actions from well-known sources like `actions/`, `github/`, and `docker/` fall into this category. However, the current process requires me to either disable the query entirely or manually exclude trusted actions by `# kics-scan ignore-line`, which is cumbersome and error-prone.
Describe the solution you'd like
I propose enhancing the query to allow users to specify trusted prefixes for actions.
When evaluating whether an action should be pinned, Kics should skip actions with these trusted prefixes.
This feature would streamline the process, improve workflow efficiency, and reduce the need for manual intervention.
Describe alternatives you've considered
Currently, I manually exclude trusted action lines. However, this approach is time-consuming and prone to oversight.
Additional context
https://github.com/Checkmarx/2ms/pull/223/files
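As an added illustration of the behaviour this request describes (example code written for this page, not KICS's own query or anything from the linked pull request), the following Python check scans `uses:` lines in a constructed workflow, flags every action that is not pinned to a full-length 40-hex commit SHA, and skips any action whose name starts with one of a caller-supplied set of trusted prefixes. The sample workflow, the `TRUSTED_PREFIXES` tuple and the function names are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample workflow (not taken from the issue): mixes tag-pinned,
# SHA-pinned, short-SHA, local and docker:// steps so every branch is exercised.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
      - uses: docker/build-push-action@v5
      - uses: some-org/helper-action@v1
      - uses: some-org/pinned-action@8f4b7f84864484a7bf31766abe9204da3cbe65b3
      - uses: some-org/short-pin@8f4b7f8
      - uses: ./.github/actions/local
      - uses: docker://alpine:3.19
      - run: echo hello
"""

# Hypothetical allowlist mirroring the prefixes proposed in the issue.
# Each entry keeps its trailing slash so that "actions/" cannot match a
# look-alike owner such as "actions-fake/".
TRUSTED_PREFIXES = ("actions/", "github/", "docker/")

# A full-length Git commit SHA is exactly 40 hexadecimal characters.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
# Captures the value of a `uses:` key, with or without a leading list dash or quotes.
USES_LINE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")


@dataclass(frozen=True)
class Finding:
    line_no: int
    action: str
    ref: str
    reason: str


def is_trusted(action, prefixes):
    """True when the action name begins with one of the trusted owner prefixes."""
    return any(action.startswith(p) for p in prefixes)


def find_unpinned_actions(workflow_text, trusted_prefixes=()):
    """Return a Finding for every GitHub-hosted action not pinned to a full SHA.

    Actions matching a trusted prefix are skipped, which is the risk acceptance
    the issue asks for; with an empty prefix list every unpinned action is flagged.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_LINE.match(line)
        if not m:
            continue
        uses = m.group(1)
        # Local actions and docker:// images are not GitHub-hosted repositories,
        # so the commit-SHA pinning rule does not apply to them.
        if uses.startswith("./") or uses.startswith("docker://"):
            continue
        action, sep, ref = uses.partition("@")
        if is_trusted(action, trusted_prefixes):
            continue
        if not sep:
            findings.append(Finding(line_no, action, "", "no ref given; resolves to the default branch"))
        elif not FULL_SHA.match(ref):
            findings.append(Finding(line_no, action, ref, "ref is not a full-length commit SHA"))
    return findings


if __name__ == "__main__":
    for f in find_unpinned_actions(SAMPLE_WORKFLOW, TRUSTED_PREFIXES):
        print(f"line {f.line_no}: {f.action}@{f.ref or '<none>'}: {f.reason}")
```

Run on the sample, the check without any trusted prefixes reports five unpinned steps; with the three prefixes supplied it reports only the two `some-org/` steps (the tag `v1` and the abbreviated SHA), which is the behaviour requested above. Note that the trusted list is a risk acceptance, not a verification: a prefix match says nothing about the commit actually fetched, so the list should stay short and be reviewed like any other suppression.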