[static-analysis] Report - 2026-07-04 #43322

@github-actions

🔍 Static Analysis Report - 2026-07-04

Analysis Summary

  • Tools Used: zizmor, poutine, actionlint, runner-guard (v2.6.0)
  • Total Findings: 948
  • Workflows Scanned: 258
  • Workflows Affected: ~199 (zizmor by-design patterns dominate)
  • Trend: 🟰 FLAT vs 2026-07-03 (948 → 948). Zero regressions across all four tools.

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info |
|------|-------|----------|------|--------|-----|------|
| zizmor (security) | 553 | 0 | 0 | 1 | 291 | 261 |
| poutine (supply chain) | 22 | 0 | 0 | 0 (10 error*) | 1 warn | 11 note |
| actionlint (linting) | 40 | - | - | - | - | 40 err |
| runner-guard (taint) | 333 | 0 | 322 | 11 | - | - |

\* poutine `untrusted_checkout_exec` findings are reported at "error" level but all carry `# poutine:ignore` (known FP on save_base_github_folders.sh / smoke-workflow-call).

zizmor High = 0 for the 16th+ consecutive day. No new issue classes introduced.

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Notes |
|------------|----------|-------|-------|
| template-injection | Informational | 260 | Step-name/`${{ }}` expansion in generated lock files — by-design gh-aw pattern |
| adhoc-packages | Low | 257 | CLI tool installs (npm/pip/go install) in agent setup — by-design |
| obfuscation | Low | 30 | `# poutine:ignore` inline comments flagged as obfuscation |
| template-injection | Low | 4 | |
| excessive-permissions | Medium | 1 | dependabot-repair.lock.yml:416:3 (agent job) overly broad permissions |
| superfluous-actions | Informational | 1 | smoke-codex.lock.yml:2281 action already included by runner |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|------------|----------|-------|--------------------|
| untrusted_checkout_exec | error (FP) | 10 | smoke-workflow-call (5), smoke-workflow-call-with-inputs (5) — all `# poutine:ignore` |
| github_action_from_unverified_creator_used | note | 8 | mcp-inspector, dataflow-pr-discussion-dataset, hippo-embed, super-linter, smoke-codex, link-check, copilot-setup-steps |
| unverified_script_exec | note | 3 | daily-byok-ollama-test (ollama), copilot-setup-steps (install-gh-aw.sh), smoke-codex (trufflehog) |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm (ubuntu-24.04-arm) |

Actionlint Linting Issues

| Issue Type | Count | Top Affected Workflows |
|------------|-------|------------------------|
| shellcheck | 37 | unbloat-docs (4), skillet (3), repository-quality-improver (3), mattpocock/impeccable skills-reviewer (2 each) |
| expression | 3 | skillet.lock.yml (pre_activation property-not-defined ×3) |

Shellcheck breakdown: SC2016 (21, awk single-quote FPs), SC2038 (6), SC2086 (5), SC2034 (2), SC2188/SC2129/SC2005 (1 each).

Runner-Guard Taint Analysis Findings

| Rule ID | Name | Severity | Count | Affected Workflows |
|---------|------|----------|-------|--------------------|
| RGS-004 | Comment-Triggered Workflow Without Author Auth Check | high | 305 | q, dev-hawk, ai-moderator (.lock.yml) |
| RGS-012 | Secret Exfiltration via Outbound HTTP Request | high | 11 | daily-model-inventory, daily-byok-ollama-test, visual-regression-checker, docs-noob-tester, daily-multi-device-docs-tester |
| RGS-018 | Suspicious Payload Execution Pattern | high | 6 | smoke-codex, smoke-claude, daily-sentrux-report, daily-cli-performance, daily-byok-ollama-test, copilot-setup-steps |
| RGS-005 | Excessive Permissions on Untrusted Trigger | medium | 8 | ai-moderator, q, agentic_commands |
| RGS-019 | Step Output Interpolated in run Block | medium | 2 | windows-cli-integration, error-message-lint |
| RGS-007 | Unpinned Third-Party Action Using Mutable Tag | medium | 1 | publish-safe-outputs-node |

Issues created this run: none. All high-severity runner-guard findings (RGS-004, RGS-012, RGS-018) map — by rule ID and affected file — to previously closed issues that were reviewed and accepted. Per the dedup policy (closed rule+file ⇒ skip) and meta-issue #31043 (which documents daily re-filing of these exact findings as a bug), no new issues were created and no open issues exist to comment on.

Dedup verification (rule + file → prior closed issue)

Top Priority Issues

1. RGS-004 — Comment-Triggered Workflow Without Author Authorization Check

  • Tool: runner-guard · Severity: High · Count: 305 across 3 workflows
  • Affected: q.lock.yml, dev-hawk.lock.yml, ai-moderator.lock.yml
  • Description: Workflows triggered by issue_comment / workflow_run that access secrets or hold write permissions without verifying the comment author's authorization level before privileged operations.
  • Status: Previously reviewed & closed (see [static-analysis] RGS-004: Comment-Triggered Workflow Without Author Authorization Check (16 workflows) #30284). These are gh-aw agentic command workflows that gate execution through the framework's built-in activation/role checks; runner-guard does not model that indirection. Tracked as accepted FP.

2. zizmor excessive-permissions (Medium) — the only non-FP quality signal worth watching

  • Tool: zizmor · Severity: Medium · Count: 1
  • Affected: dependabot-repair.lock.yml:416:3 (agent job)
  • Impact: An overly broad `permissions:` block on the agent job widens the blast radius if the job is compromised. Worth scoping to least-privilege in the source .md.

Fix Suggestion for zizmor excessive-permissions (Medium)

Issue: Overly broad job-level permissions
Severity: Medium
Affected Workflows: 1 (dependabot-repair)

Prompt to Copilot Agent:

You are fixing a security finding identified by zizmor.

Vulnerability: excessive-permissions — overly broad permissions
Rule: excessive-permissions — (docs.zizmor.sh/redacted)

Current Issue:
The agent job in .github/workflows/dependabot-repair.md compiles to a job with
broader GITHUB_TOKEN permissions than it needs. Broad permissions increase the
blast radius if the job (which runs an AI agent over untrusted dependency diffs)
is compromised via prompt injection or a malicious dependency.

Required Fix:
1. Open the SOURCE file .github/workflows/dependabot-repair.md (do NOT edit the
   generated .lock.yml directly — it is regenerated by `gh aw compile`).
2. In its frontmatter `permissions:` block, enumerate only the scopes actually
   used by the workflow's steps and safe-outputs (e.g. contents: read,
   pull-requests: write) and remove any broad grants (avoid write-all / unused
   write scopes).
3. Recompile with `gh aw compile` and confirm the zizmor excessive-permissions
   finding on dependabot-repair.lock.yml clears.

Example:

Before:
```yaml
permissions: write-all
```

After:
```yaml
permissions:
  contents: read
  pull-requests: write
```

<details>
<summary>All Findings Details (representative)</summary>

**dependabot-repair.lock.yml** — zizmor [Medium] excessive-permissions @ 416:3
**smoke-codex.lock.yml** — zizmor [Info] superfluous-actions @ 2281:9
**skillet.lock.yml** — actionlint [expression] property-not-defined (pre_activation) ×3
**smoke-workflow-call{,-with-inputs}.lock.yml** — poutine untrusted_checkout_exec ×5 each (all `# poutine:ignore`)
**q / dev-hawk / ai-moderator .lock.yml** — RGS-004 High (comment-trigger auth) — accepted FP
**daily-byok-ollama-test.lock.yml:450** — RGS-012 + RGS-018 High (ollama install curl|sh)
**copilot-setup-steps.yml:16-17** — RGS-018 High (install-gh-aw.sh curl|bash)
**publish-safe-outputs-node.yml:191** — RGS-007 Medium (unpinned mutable tag)

</details>

### Historical Trends

| Date | zizmor | poutine | actionlint | runner-guard | RG high | RG medium | Grand |
|------|--------|---------|------------|--------------|---------|-----------|-------|
| 2026-06-30 | 553 | 22 | 482 | 330 | 319 | 11 | 1387 |
| 2026-07-01 | 554 | 22 | 482 | 330 | 319 | 11 | 1388 |
| 2026-07-02 | 553 | 22 | 40 | 330 | 319 | 11 | 945 |
| 2026-07-03 | 553 | 22 | 40 | 333 | 322 | 11 | 948 |
| **2026-07-04** | **553** | **22** | **40** | **333** | **322** | **11** | **948** |

- **Previous scan**: 2026-07-03 (948) → **Current**: 2026-07-04 (948) → **Change: 0 (0.0%)**
- **New issue types**: none
- **Resolved issue types**: none
- zizmor **High = 0** sustained (16th+ consecutive day). The 2026-07-02 actionlint drop (482→40) from the `queue` concurrency FP clearing under actionlint 1.7.12 remains stable.

### Recommendations

1. **Immediate**: None required — 0 Critical, and all High runner-guard findings are reviewed/accepted FPs (framework auth indirection / trusted install scripts).
2. **Short-term**: Scope `dependabot-repair` agent-job permissions to least-privilege (only genuine Medium signal, fix prompt above).
3. **Long-term**: Consider runner-guard allowlist/suppression annotations for the RGS-004/012/018 accepted patterns so the daily 322 High count stops masking any genuinely new High finding.
4. **Prevention**: The dedup-by-rule+file behaviour requested in #31043 is now honoured by this report (0 duplicate issues filed).

### Next Steps

- [ ] Scope `dependabot-repair.md` job permissions (zizmor Medium)
- [ ] Add runner-guard suppressions for accepted RGS-004/012/018 patterns to unmask future genuine High findings
- [ ] Keep monitoring zizmor High = 0 streak
- [ ] No action on poutine/actionlint findings (all known FPs / by-design)

**References:**
- [§28696870993](https://github.com/github/gh-aw/actions/runs/28696870993)

> Generated by [📊 Static Analysis Report](https://github.com/github/gh-aw/actions/runs/28696870993) · 216.6 AIC · ⌖ 27.9 AIC · ⊞ 10K · [◷](https://github.com/search?q=repo%3Agithub%2Fgh-aw+is%3Aissue+%22gh-aw-workflow-call-id%3A+github%2Fgh-aw%2Fstatic-analysis-report%22&type=issues)
