Repository: https://github.com/sindresorhus/is-up
Language: javascript
LOC:
Source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 2 |
| SEC029 Server-Side Request Forgery (SSRF) — outbound HTTP from use… | high | 1 |
| CORE_NO_TESTS No test files found | high | 1 |
CORE_NO_TESTS: No test files found

MINED115: GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829 · .github/workflows/main.yml:15 · conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v2`: `uses: actions/checkout@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…

MINED115: GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829 · .github/workflows/main.yml:16 · conf 0.90
[MINED115] Action `actions/setup-node` pinned to mutable ref `@v2`: `uses: actions/setup-node@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the …

SEC029: Server-Side Request Forgery (SSRF) — outbound HTTP from user input
index.js:10 · conf 1.00
[SEC029] Server-Side Request Forgery (SSRF) — outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.25…