Skip to content

[pre-commit.ci] pre-commit autoupdate #70

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2025
Merged

[pre-commit.ci] pre-commit autoupdate #70

merged 1 commit into from
Oct 13, 2025

Conversation

@pre-commit-ci
Copy link
Contributor

@pre-commit-ci pre-commit-ci bot commented Oct 13, 2025

@pre-commit-ci
[pre-commit.ci] pre-commit autoupdate
8134d76 
updates:
- [github.com/astral-sh/ruff-pre-commit: v0.13.3 → v0.14.0](astral-sh/ruff-pre-commit@v0.13.3...v0.14.0)
@github-actions
Copy link

github-actions bot commented Oct 13, 2025
edited
Loading

⚠️MegaLinter analysis: Success with warnings

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ COPYPASTE jscpd yes no no 1.21s
✅ REPOSITORY devskim yes no no 1.5s
✅ REPOSITORY dustilock yes no no 0.01s
✅ REPOSITORY gitleaks yes no no 0.21s
✅ REPOSITORY git_diff yes no no 0.01s
✅ REPOSITORY grype yes no no 27.38s
⚠️ REPOSITORY kics yes 5 no 1.42s
✅ REPOSITORY secretlint yes no no 1.07s
✅ REPOSITORY syft yes no no 1.98s
✅ REPOSITORY trivy yes no no 7.55s
✅ REPOSITORY trivy-sbom yes no no 0.21s
✅ REPOSITORY trufflehog yes no no 3.73s
✅ SPELL lychee 1 0 0 0.93s
✅ YAML prettier 1 0 0 0.4s
✅ YAML v8r 1 0 0 4.77s
✅ YAML yamllint 1 0 0 0.41s

Detailed Issues

⚠️ REPOSITORY / kics - 5 errors 
MLLLLLM             MLLLLLLLLL   LLLLLLL             KLLLLLLLLLLLLLLLL       LLLLLLLLLLLLLLLLLLLLLLL 
   MMMMMMM           MMMMMMMMMML    MMMMMMMK       LMMMMMMMMMMMMMMMMMMMML   KLMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM         MMMMMMMMML       MMMMMMMK     LMMMMMMMMMMMMMMMMMMMMMML  LMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM      MMMMMMMMMML         MMMMMMMK   LMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM    LMMMMMMMMML           MMMMMMMK  LMMMMMMMMMLLMLLLLLLLLLLLLLL LMMMMMMMLLLLLLLLLLLLLLLLLLLLM 
   MMMMMMM  MMMMMMMMMLM             MMMMMMMK LMMMMMMMM                    LMMMMMML                      
   MMMMMMMLMMMMMMMML                MMMMMMMK MMMMMMML                     LMMMMMMMMLLLLLLLLLLLLLMLL     
   MMMMMMMMMMMMMMMM                 MMMMMMMK MMMMMML                       LMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMMMMMMMMMMMMM               MMMMMMMK MMMMMMM                         LMMMMMMMMMMMMMMMMMMMMMMMML 
   MMMMMMM KLMMMMMMMMML             MMMMMMMK LMMMMMMM                                          MMMMMMMML
   MMMMMMM    LMMMMMMMMMM           MMMMMMMK LMMMMMMMMLL                                        MMMMMMML
   MMMMMMM      LMMMMMMMMMLL        MMMMMMMK  LMMMMMMMMMMMMMMMMMMMMMMMMML LLLLLLLLLLLLLLLLLLLLMMMMMMMMMM
   MMMMMMM        MMMMMMMMMMML      MMMMMMMK   MMMMMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMMMM 
   MMMMMMM          LLMMMMMMMMML    MMMMMMMK     LLMMMMMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMMMML  
   MMMMMMM             MMMMMMMMMML  MMMMMMMK         KLMMMMMMMMMMMMMMMMML LMMMMMMMMMMMMMMMMMMMMMMMLK    
                                                                                                            
                                                                                                                                                                                                                                                                                                                        


Scanning with Keeping Infrastructure as Code Secure v2.1.14





Unpinned Actions Full Length Commit SHA, Severity: LOW, Results: 5
Description: Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
Platform: CICD
CWE: 829
Learn more about this vulnerability: https://docs.kics.io/latest/queries/cicd-queries/555ab8f9-2001-455e-a077-f2d0f41e2fb9

	[1]: .github/workflows/megalinter.yml:51

		050:       - name: Lint Code Base
		051:         uses: nvuillam/mega-linter@v9
		052:         env:


	[2]: .github/workflows/awesomebot.yml:16

		015:     - uses: actions/checkout@v5
		016:     - uses: docker://dkhamsing/awesome_bot:latest
		017:       with:


	[3]: .github/workflows/codeql-analysis.yml:71

		070:     - name: Perform CodeQL Analysis
		071:       uses: github/codeql-action/analyze@v3
		072: 


	[4]: .github/workflows/codeql-analysis.yml:57

		056:     - name: Autobuild
		057:       uses: github/codeql-action/autobuild@v3
		058: 


	[5]: .github/workflows/codeql-analysis.yml:46

		045:     - name: Initialize CodeQL
		046:       uses: github/codeql-action/init@v3
		047:       with:



Results Summary:
CRITICAL: 0
HIGH: 0
MEDIUM: 0
LOW: 5
INFO: 0
TOTAL: 5

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@unixorn unixorn merged commit e005c5c into main Oct 13, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@unixorn