Trend: 🟰 FLAT vs 2026-07-03 (948 → 948). Zero regressions across all four tools.
### Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info |
|------|-------|----------|------|--------|-----|------|
| zizmor (security) | 553 | 0 | 0 | 1 | 291 | 261 |
| poutine (supply chain) | 22 | 0 | 0 | 0 (10 error*) | 1 warn | 11 note |
| actionlint (linting) | 40 | - | - | - | - | 40 err |
| runner-guard (taint) | 333 | 0 | 322 | 11 | - | - |
\* poutine `untrusted_checkout_exec` findings are reported at "error" level, but all carry `# poutine:ignore` (known FP on `save_base_github_folders.sh` / `smoke-workflow-call`).
zizmor High = 0 for the 16th+ consecutive day. No new issue classes introduced.
Issues created this run: none. All high-severity runner-guard findings (RGS-004, RGS-012, RGS-018) map — by rule ID and affected file — to previously closed issues that were reviewed and accepted. Per the dedup policy (closed rule+file ⇒ skip) and meta-issue #31043 (which documents daily re-filing of these exact findings as a bug), no new issues were created and no open issues exist to comment on.
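The dedup policy described above (closed rule+file ⇒ skip, open rule+file ⇒ comment, otherwise create), as an added Python illustration that is not gh-aw's own code. The findings list mirrors the rule IDs and files named in this report, the prior-issue numbers are placeholders, and `example-new-workflow.lock.yml` is a hypothetical file added to show that a genuinely new High finding would still be filed rather than masked.

```python
"""Dedup triage for runner-guard findings, as the report's policy describes it:
a finding whose (rule ID, affected file) matches a previously CLOSED issue is
skipped, one matching an OPEN issue gets a comment, anything unmatched is filed.
Added illustration, not gh-aw's own code."""
from dataclasses import dataclass
from typing import Literal, Optional

@dataclass(frozen=True)
class Finding:
    rule: str       # e.g. "RGS-004"
    file: str       # affected workflow file
    severity: str   # "critical" | "high" | "medium" | "low"

@dataclass(frozen=True)
class Issue:
    number: int     # placeholder numbers below, not real issue IDs
    rule: str
    file: str
    state: Literal["open", "closed"]

Action = Literal["skip", "comment", "create"]

FILE_THRESHOLD = {"critical", "high"}   # assumption: only critical/high get filed

def index_issues(issues: list[Issue]) -> dict[tuple[str, str], Issue]:
    """Map (rule, file) -> the governing prior issue. An open issue takes
    precedence over a closed one for the same key, because an open issue is
    where a follow-up comment belongs."""
    index: dict[tuple[str, str], Issue] = {}
    for issue in issues:
        k = (issue.rule, issue.file)
        prev = index.get(k)
        if prev is None or (prev.state == "closed" and issue.state == "open"):
            index[k] = issue
    return index

def triage(findings: list[Finding], issues: list[Issue]) -> list[tuple[Finding, Action, Optional[int]]]:
    """Decide create/comment/skip for every finding above the filing threshold."""
    index = index_issues(issues)
    decisions: list[tuple[Finding, Action, Optional[int]]] = []
    for f in findings:
        if f.severity not in FILE_THRESHOLD:
            continue                                     # below filing threshold
        prior = index.get((f.rule, f.file))
        if prior is None:
            decisions.append((f, "create", None))        # genuinely new rule+file
        elif prior.state == "open":
            decisions.append((f, "comment", prior.number))
        else:
            decisions.append((f, "skip", prior.number))  # reviewed and accepted
    return decisions

def summarize(decisions) -> dict[str, int]:
    counts = {"skip": 0, "comment": 0, "create": 0}
    for _, action, _ in decisions:
        counts[action] += 1
    return counts

# Constructed sample mirroring the report: every High finding has a closed,
# accepted issue for the same rule+file, plus one hypothetical new file.
FINDINGS = [
    Finding("RGS-004", "q.lock.yml", "high"),
    Finding("RGS-004", "dev-hawk.lock.yml", "high"),
    Finding("RGS-004", "ai-moderator.lock.yml", "high"),
    Finding("RGS-012", "daily-byok-ollama-test.lock.yml", "high"),
    Finding("RGS-018", "daily-byok-ollama-test.lock.yml", "high"),
    Finding("RGS-018", "copilot-setup-steps.yml", "high"),
    Finding("RGS-007", "publish-safe-outputs-node.yml", "medium"),  # below threshold
    Finding("RGS-018", "example-new-workflow.lock.yml", "high"),    # hypothetical new file
]
PRIOR_ISSUES = [   # placeholder issue numbers
    Issue(1001, "RGS-004", "q.lock.yml", "closed"),
    Issue(1002, "RGS-004", "dev-hawk.lock.yml", "closed"),
    Issue(1003, "RGS-004", "ai-moderator.lock.yml", "closed"),
    Issue(1004, "RGS-012", "daily-byok-ollama-test.lock.yml", "closed"),
    Issue(1005, "RGS-018", "daily-byok-ollama-test.lock.yml", "closed"),
    Issue(1006, "RGS-018", "copilot-setup-steps.yml", "closed"),
]

if __name__ == "__main__":
    for f, action, num in triage(FINDINGS, PRIOR_ISSUES):
        print(f"{action:8} {f.rule} {f.file}" + (f" (#{num})" if num else ""))
    print(summarize(triage(FINDINGS, PRIOR_ISSUES)))
```

Running it yields six `skip` decisions and one `create` for the hypothetical file; the Medium RGS-007 finding never reaches the index because it is below the filing threshold. The open-over-closed precedence in `index_issues` is what keeps a re-opened issue from being silently skipped.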
RGS-004 description (High, accepted FP): workflows triggered by `issue_comment` / `workflow_run` that access secrets or hold write permissions without verifying the comment author's authorization level before privileged operations.
You are fixing a security finding identified by zizmor.
Vulnerability: excessive-permissions — overly broad permissions
Rule: excessive-permissions — (docs.zizmor.sh/redacted)
Current Issue:
The agent job in .github/workflows/dependabot-repair.md compiles to a job with broader GITHUB_TOKEN permissions than it needs. Broad permissions increase the blast radius if the job (which runs an AI agent over untrusted dependency diffs) is compromised via prompt injection or a malicious dependency.
Required Fix:
1. Open the SOURCE file .github/workflows/dependabot-repair.md (do NOT edit the generated .lock.yml directly; it is regenerated by `gh aw compile`).
2. In its frontmatter `permissions:` block, enumerate only the scopes actually used by the workflow's steps and safe-outputs (e.g. contents: read, pull-requests: write) and remove any broad grants (no write-all, no unused write scopes). Scopes omitted from an explicit `permissions:` map default to `none`, so listing only what is needed is sufficient.
3. Recompile with `gh aw compile` and confirm the zizmor excessive-permissions finding on dependabot-repair.lock.yml clears.
Example:
Before:
```yaml
permissions: write-all
```
After:
```yaml
permissions:
  contents: read
  pull-requests: write
```
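An added example (not zizmor's or gh-aw's code) of the check behind this finding: how a job-level `permissions:` block replaces the workflow-level one, how the `write-all` shorthand expands, and which grants exceed what a job actually uses. The workflow is a constructed stand-in for a compiled lock file, written as the mapping `yaml.safe_load` would produce so no YAML library is needed; the scope list and `AGENT_NEEDS` are assumptions for the illustration.

```python
"""Effective GITHUB_TOKEN permission audit for a compiled workflow, in the spirit
of zizmor's excessive-permissions check. Added illustration, not zizmor's or
gh-aw's code. The workflow is the mapping yaml.safe_load would return, written
out by hand so the example runs without a YAML library."""
from copy import deepcopy
from typing import Optional

# Assumption: a representative list of GITHUB_TOKEN scopes; extend if needed.
ALL_SCOPES = [
    "actions", "checks", "contents", "deployments", "discussions", "id-token",
    "issues", "packages", "pages", "pull-requests", "repository-projects",
    "security-events", "statuses",
]
RANK = {"none": 0, "read": 1, "write": 2}

def expand(perms) -> Optional[dict]:
    """Normalise a `permissions:` value to {scope: level}.
    None  -> key absent, token inherits the repository default (unknown breadth)
    str   -> the write-all / read-all shorthand
    dict  -> explicit scopes; every scope NOT listed is 'none'"""
    if perms is None:
        return None
    if perms == "write-all":
        return {s: "write" for s in ALL_SCOPES}
    if perms == "read-all":
        return {s: "read" for s in ALL_SCOPES}
    if isinstance(perms, dict):
        unknown = set(perms) - set(ALL_SCOPES)
        if unknown:
            raise ValueError(f"unknown scope(s): {sorted(unknown)}")
        return {s: perms.get(s, "none") for s in ALL_SCOPES}
    raise ValueError(f"unrecognised permissions value: {perms!r}")

def effective_permissions(workflow: dict, job_id: str) -> Optional[dict]:
    """A job-level block replaces the workflow-level block entirely. The `in`
    test matters: `permissions: {}` is a valid (empty) grant, not an absent one."""
    job = workflow["jobs"][job_id]
    raw = job["permissions"] if "permissions" in job else workflow.get("permissions")
    return expand(raw)

def audit_job(workflow: dict, job_id: str, needed: dict) -> list[str]:
    """One line per scope granted above what `needed` says the job uses."""
    eff = effective_permissions(workflow, job_id)
    if eff is None:
        return [f"{job_id}: no permissions block at job or workflow level; "
                "token inherits the repository default"]
    return [f"{job_id}: {scope} granted {level}, needed {needed.get(scope, 'none')}"
            for scope, level in eff.items()
            if RANK[level] > RANK[needed.get(scope, "none")]]

def scope_job(workflow: dict, job_id: str, needed: dict) -> dict:
    """Return a copy of the workflow with the job's grant reduced to exactly `needed`."""
    fixed = deepcopy(workflow)
    fixed["jobs"][job_id]["permissions"] = dict(needed)
    return fixed

# Constructed stand-in for a compiled lock file (not the real dependabot-repair.lock.yml).
BEFORE = {
    "name": "example-agent-workflow",
    "permissions": {"contents": "read"},
    "jobs": {
        "agent": {"permissions": "write-all", "steps": []},   # the overly broad job
        "safe_outputs": {"permissions": {"contents": "read", "pull-requests": "write"}, "steps": []},
        "cleanup": {"steps": []},                               # inherits the workflow-level block
    },
}
AGENT_NEEDS = {"contents": "read"}   # assumption: what the agent job actually uses
AFTER = scope_job(BEFORE, "agent", AGENT_NEEDS)

if __name__ == "__main__":
    print("\n".join(audit_job(BEFORE, "agent", AGENT_NEEDS)))
    print("after:", audit_job(AFTER, "agent", AGENT_NEEDS) or "clean")
```

Before the fix the audit reports every scope in `ALL_SCOPES` for the agent job (contents is granted write where read suffices; the rest are write where nothing is needed); after `scope_job` it reports nothing. The `cleanup` job shows the other half of the rule: with no job-level block it gets exactly the workflow-level `contents: read` and `none` for everything else.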
<details>
<summary>All Findings Details (representative)</summary>

- **dependabot-repair.lock.yml** — zizmor [Medium] excessive-permissions @ 416:3
- **smoke-codex.lock.yml** — zizmor [Info] superfluous-actions @ 2281:9
- **skillet.lock.yml** — actionlint [expression] property-not-defined (pre_activation) ×3
- **smoke-workflow-call{,-with-inputs}.lock.yml** — poutine untrusted_checkout_exec ×5 each (all `# poutine:ignore`)
- **q / dev-hawk / ai-moderator .lock.yml** — RGS-004 High (comment-trigger auth) — accepted FP
- **daily-byok-ollama-test.lock.yml:450** — RGS-012 + RGS-018 High (ollama install curl|sh)
- **copilot-setup-steps.yml:16-17** — RGS-018 High (install-gh-aw.sh curl|bash)
- **publish-safe-outputs-node.yml:191** — RGS-007 Medium (unpinned mutable tag)
</details>
### Historical Trends
| Date | zizmor | poutine | actionlint | runner-guard | RG high | RG medium | Grand |
|------|--------|---------|------------|--------------|---------|-----------|-------|
| 2026-06-30 | 553 | 22 | 482 | 330 | 319 | 11 | 1387 |
| 2026-07-01 | 554 | 22 | 482 | 330 | 319 | 11 | 1388 |
| 2026-07-02 | 553 | 22 | 40 | 330 | 319 | 11 | 945 |
| 2026-07-03 | 553 | 22 | 40 | 333 | 322 | 11 | 948 |
| **2026-07-04** | **553** | **22** | **40** | **333** | **322** | **11** | **948** |
- **Previous scan**: 2026-07-03 (948) → **Current**: 2026-07-04 (948) → **Change: 0 (0.0%)**
- **New issue types**: none
- **Resolved issue types**: none
- zizmor **High = 0** sustained (16th+ consecutive day). The 2026-07-02 actionlint drop (482→40) from the `queue` concurrency FP clearing under actionlint 1.7.12 remains stable.
### Recommendations
1. **Immediate**: None required — 0 Critical, and all High runner-guard findings are reviewed/accepted FPs (framework auth indirection / trusted install scripts).
2. **Short-term**: Scope `dependabot-repair` agent-job permissions to least-privilege (only genuine Medium signal, fix prompt above).
3. **Long-term**: Consider runner-guard allowlist/suppression annotations for the RGS-004/012/018 accepted patterns so the daily 322 High count stops masking any genuinely new High finding.
4. **Prevention**: The dedup-by-rule+file behaviour requested in #31043 is now honoured by this report (0 duplicate issues filed).
### Next Steps
- [ ] Scope `dependabot-repair.md` job permissions (zizmor Medium)
- [ ] Add runner-guard suppressions for accepted RGS-004/012/018 patterns to unmask future genuine High findings
- [ ] Keep monitoring zizmor High = 0 streak
- [ ] No action on poutine/actionlint findings (all known FPs / by-design)
**References:**
- [§28696870993](https://github.com/github/gh-aw/actions/runs/28696870993)
> Generated by [📊 Static Analysis Report](https://github.com/github/gh-aw/actions/runs/28696870993) · 216.6 AIC · ⌖ 27.9 AIC · ⊞ 10K · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fstatic-analysis-report%22&type=issues)
> - [x] expires <!-- gh-aw-expires: 2026-07-11T06:06:11.339Z --> on Jul 10, 2026, 10:06 PM UTC-08:00
<!-- gh-aw-agentic-workflow: Static Analysis Report, engine: claude, model: agent, id: 28696870993, workflow_id: static-analysis-report, run: https://github.com/github/gh-aw/actions/runs/28696870993 -->
<!-- gh-aw-workflow-id: static-analysis-report -->
<!-- gh-aw-workflow-call-id: github/gh-aw/static-analysis-report -->
🔍 Static Analysis Report - 2026-07-04

### Clustered Findings by Tool and Type

**Zizmor Security Findings**
- `${{ }}` expansion in generated lock files: by-design gh-aw pattern
- `# poutine:ignore` inline comments flagged as obfuscation
- `dependabot-repair.lock.yml:416:3` (agent job): overly broad permissions
- `smoke-codex.lock.yml:2281`: action already included by runner

**Poutine Supply Chain Findings**
- `untrusted_checkout_exec` findings, all carrying `# poutine:ignore` (known FP, see the footnote under the Findings by Tool table)

**Actionlint Linting Issues**
- Shellcheck breakdown (37 of the 40): SC2016 (21, awk single-quote FPs), SC2038 (6), SC2086 (5), SC2034 (2), SC2188/SC2129/SC2005 (1 each). The remaining 3 are the expression `property-not-defined (pre_activation)` findings in `skillet.lock.yml`.

**Runner-Guard Taint Analysis Findings**
- Issues created this run: none. All high-severity findings (RGS-004, RGS-012, RGS-018) map by rule ID and affected file to previously closed, reviewed-and-accepted issues; per the dedup policy (closed rule+file ⇒ skip) and meta-issue #31043, no new issues were created and no open issues exist to comment on.
- Dedup verification (rule + file → prior closed issue): completed for every High finding.

### Top Priority Issues

1. **RGS-004 — Comment-Triggered Workflow Without Author Authorization Check** (High, accepted FP)
   - Files: `q.lock.yml`, `dev-hawk.lock.yml`, `ai-moderator.lock.yml`
   - Description: workflows triggered by `issue_comment` / `workflow_run` that access secrets or hold write permissions without verifying the comment author's authorization level before privileged operations.
   - Assessment: the gh-aw framework performs activation/role checks before the privileged steps; runner-guard does not model that indirection. Tracked as accepted FP.
2. **zizmor excessive-permissions (Medium)**: the only non-FP quality signal worth watching
   - File: `dependabot-repair.lock.yml:416:3` (agent job)
   - The `permissions:` grant on the agent job widens the blast radius if the job is compromised. Worth scoping to least-privilege in the source `.md`.

### Fix Suggestion for zizmor

- Rule: excessive-permissions (Medium)
- Issue: Overly broad job-level permissions
- Severity: Medium
- Affected Workflows: 1 (dependabot-repair)
- Prompt to Copilot Agent: the "You are fixing a security finding identified by zizmor" block above.