fix: issues on ci.yml and style.yml

GitHub Advanced Security / Scorecard failed Nov 1, 2024 in 4s

1 configuration not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 1 configuration present on refs/heads/main was not found:

Actions workflow (scorecard.yml)

  • ❓  supply-chain/branch-protection

New alerts in code changed by this pull request

Security Alerts:

  • 5 high
  • 9 medium

See annotations below for details.

Annotations

Check failure on line 68 in .github/workflows/ci.yml

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help

Check failure on line 98 in .github/workflows/ci.yml

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help

Check warning on line 117 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 118 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check failure on line 159 in .github/workflows/ci.yml

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help

Check warning on line 181 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 182 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check failure on line 317 in .github/workflows/ci.yml

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help

Check warning on line 343 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 344 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: pipCommand not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 376 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 389 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: third-party GitHubAction not pinned by hash
Click Remediation section below to solve this issue

Check warning on line 519 in .github/workflows/ci.yml

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 3: GitHub-owned GitHubAction not pinned by hash
Click Remediation section below to solve this issue

Check failure on line 546 in .github/workflows/ci.yml

Code scanning / Scorecard

Token-Permissions High

score is 0: jobLevel 'security-events' permission set to 'write'
Remediation tip: Visit https://app.stepsecurity.io/secureworkflow.
Tick the 'Restrict permissions for GITHUB_TOKEN'
Untick other options
NOTE: If you want to resolve multiple issues at once, you can visit https://app.stepsecurity.io/securerepo instead.
Click Remediation section below for further remediation help