# Static Analysis Report - 2026-06-24

## Analysis Summary

New GitHub issues created: 0. All high-severity runner-guard rule+file combinations are already tracked by closed issues (see the Runner-Guard section).
## Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Info |
|---|---|---|---|---|---|---|
| zizmor (security) | 550 | 0 | 0 | 1 | 279 | 270 |
| poutine (supply chain) | 20 | 0 | 8 err | 1 warn | - | 11 note |
| actionlint (linting) | 469 | - | - | - | - | - |
| runner-guard (taint) | 332 | 0 | 318 | 14 | 0 | 0 |

actionlint does not assign severities; poutine's own error/warning/note levels are shown in the nearest severity column.

No Critical findings from any tool. zizmor High has been 0 for 7 consecutive days. Runner-guard "high" volume is dominated by RGS-004 (302 findings) concentrated in 3 comment-triggered workflows.
## Clustered Findings by Tool and Type

### Zizmor Security Findings

| Issue Type | Severity | Count | Notes |
|---|---|---|---|
| template-injection | Informational | 269 | gh-aw step-name `${{ }}` expansion; by design |
| adhoc-packages | Low | 246 | CLI/agent installs (`npm i -g`, binaries); by design |
| obfuscation | Low | 29 | `${{ '' }}` empty-string placeholders in generated env |
| template-injection | Low | 4 | - |
| excessive-permissions | Medium | 1 | only remaining Medium |
| superfluous-actions | Informational | 1 | - |
### Poutine Supply Chain Findings

| Issue Type | Level | Count | Affected |
|---|---|---|---|
| untrusted_checkout_exec | error | 8 | smoke-workflow-call.lock.yml, smoke-workflow-call-with-inputs.lock.yml; all carry `poutine:ignore` (known FPs) |
### Runner-Guard Taint Analysis Findings

Dedup result: all high-severity runner-guard rule+file combinations (RGS-004, RGS-012, RGS-018) already map to closed GitHub issues, verified this run via `gh api search/issues`.

Per the dedup policy (a closed issue for the same rule + file means skip; do not recreate), 0 new issues are created and 0 comments are added. The only open `[static-analysis]` issue is #40977 (yesterday's daily report). RGS-005/007/019 are Medium severity and below the issue-creation threshold (Critical/High only).
## Top Priority Issue

### RGS-004: Comment-Triggered Workflow Without Author Authorization Check

Tool: runner-guard. Severity: high. Count: 302 of 318 runner-guard high findings (95%).

Description: workflows triggered by `issue_comment` / `pull_request_review_comment` / `workflow_run` that access secrets or have write permissions without verifying `github.event.comment.author_association`. Such a guard is only meaningful when it admits `OWNER`, `MEMBER` and `COLLABORATOR` alone: `CONTRIBUTOR` is granted to any account with a previously merged commit, and `NONE` / `FIRST_TIME_CONTRIBUTOR` are arbitrary accounts.

Impact: if the guard were missing, any external user could trigger privileged operations by commenting.

Status: the affected workflows already gate on `author_association` in their `pre_activation` jobs (see closed fix #29481, "fix(rgs-004): add author_association guard to pre_activation jobs for comment-triggered workflows"); runner-guard flags every `run:` block in the lock file rather than recognising the centralized upstream guard. Tracked, reviewed and closed repeatedly, and treated as a known low-actionability pattern.
## Fix Suggestion: RGS-007 (genuinely actionable, hand-authored files)

Selected because it is a real fix on source `.yml` files (not generated lock files) and has no existing issue. Issue: third-party actions pinned to mutable tags. Severity: Medium. Affected: 2 workflows, 4 references.

Prompt to Copilot Agent:

```text
You are fixing a supply-chain finding (RGS-007) from runner-guard.

Vulnerability: Third-party GitHub Actions are referenced by mutable tags. Mutable tags
(`@v2`, `@v4.1.0`, ...) can be moved or force-pushed to a malicious commit at any time, so the
workflow may execute attacker code without review. Only full 40-char commit SHAs are immutable.

Pin each third-party action to its commit SHA, keeping the version as a trailing comment:

- .github/workflows/publish-safe-outputs-node.yml
    docker/login-action@v4.2.0        -> docker/login-action@<sha>        # v4.2.0
    docker/setup-buildx-action@v4.1.0 -> docker/setup-buildx-action@<sha> # v4.1.0
- .github/workflows/aoai-endpoint-smoke-test.yml
    azure/login@v2                    -> azure/login@<sha>                # v2

Resolve each SHA from the action's release tag
(`gh api repos/<owner>/<repo>/git/refs/tags/<tag>`). If the returned object has type "tag"
the tag is annotated: dereference it with `gh api repos/<owner>/<repo>/git/tags/<object.sha>`
and use the commit SHA it points at, never the tag-object SHA. Update the `uses:` lines,
change no behaviour, and re-run `gh aw compile` if any lock files are regenerated.

Example:
  Before: uses: docker/login-action@v4.2.0
  After:  uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v4.2.0
```
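An added example of the pinning the prompt describes, written for this report and not taken from gh-aw or runner-guard: it rewrites `uses:` lines to `owner/repo@<sha> # <tag>`, skips local (`./`), `docker://` and already-pinned references, and carries the step the one-line `gh api` command hides, dereferencing annotated tags to the commit they point at. The `resolve_tag_with_gh` resolver needs network access and an authenticated `gh`, so the demo runs against a constructed sample workflow with a constructed `fake_resolver` whose SHAs are derived from the ref string and are not real commits.

```python
"""Pin third-party GitHub Actions to full commit SHAs (added RGS-007 example; not
gh-aw's or runner-guard's own code)."""
import hashlib
import json
import re
import subprocess
from typing import Callable, List, Optional, Tuple

# "uses: owner/repo[/path]@ref", optionally a list item, quoted, with a trailing comment.
USES_RE = re.compile(
    r"""^(?P<head>\s*(?:-\s*)?uses:\s*)(?P<q>["']?)"""
    r"""(?P<action>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:/[^@\s"']+)?)@(?P<ref>[^\s#"']+)"""
    r"""(?P=q)(?P<rest>.*)$"""
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
Resolver = Callable[[str, str], str]  # (owner/repo, tag) -> 40-hex commit SHA


def resolve_tag_with_gh(repo: str, tag: str) -> str:
    """Resolve a tag to its commit via the GitHub REST API (needs network and an
    authenticated gh). `git/ref/tags/<tag>` is an exact match (404 if absent). An
    annotated tag points at a tag object, not a commit, and must be dereferenced via
    `git/tags/<sha>`; a tag-object SHA does not work in `uses:`."""
    obj = json.loads(subprocess.check_output(
        ["gh", "api", f"repos/{repo}/git/ref/tags/{tag}"], text=True))["object"]
    if obj["type"] == "tag":
        obj = json.loads(subprocess.check_output(
            ["gh", "api", f"repos/{repo}/git/tags/{obj['sha']}"], text=True))["object"]
    if obj["type"] != "commit" or not FULL_SHA_RE.match(obj["sha"]):
        raise ValueError(f"{repo}@{tag} did not resolve to a commit: {obj}")
    return obj["sha"]


def pin_line(line: str, resolve: Resolver) -> Tuple[str, Optional[str]]:
    """Return (new line, 'action@tag -> sha' record, or None when left alone). Local
    (./) actions, docker:// images and refs that are already a full SHA are skipped;
    quoting is preserved and the tag is kept as a trailing comment."""
    m = USES_RE.match(line)
    if not m:
        return line, None
    action, ref, q = m.group("action"), m.group("ref"), m.group("q")
    if FULL_SHA_RE.match(ref):
        return line, None                         # already immutable
    repo = "/".join(action.split("/")[:2])        # strip any subpath for the API call
    sha = resolve(repo, ref)
    if not FULL_SHA_RE.match(sha):
        raise ValueError(f"resolver returned a non-SHA for {repo}@{ref}: {sha!r}")
    comment, old = f"# {ref}", m.group("rest").strip()
    if old.startswith("#") and ref not in old:    # keep an unrelated existing comment
        comment += "; " + old.lstrip("#").strip()
    return f"{m.group('head')}{q}{action}@{sha}{q} {comment}", f"{action}@{ref} -> {sha}"


def pin_workflow(text: str, resolve: Resolver) -> Tuple[str, List[str]]:
    """Pin every remote action in a workflow body; return new text plus change records."""
    out, changes = [], []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        new_body, record = pin_line(body, resolve)
        if record:
            changes.append(record)
        out.append(new_body + line[len(body):])
    return "".join(out), changes


# Constructed sample shaped like the page's two affected files. The checkout SHA is a
# placeholder and fake_resolver derives SHAs from the ref string: none are real commits.
SAMPLE_WORKFLOW = """\
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (placeholder)
      - uses: ./.github/actions/local-setup
      - uses: docker://alpine:3.19
      - uses: docker/setup-buildx-action@v4.1.0
      - name: Login
        uses: "docker/login-action@v4.2.0"  # registry login
      - uses: azure/login@v2
"""


def fake_resolver(repo: str, tag: str) -> str:
    return hashlib.sha1(f"{repo}@{tag}".encode()).hexdigest()


def demo() -> Tuple[str, List[str]]:
    """Pin the constructed sample offline; swap in resolve_tag_with_gh for real use."""
    return pin_workflow(SAMPLE_WORKFLOW, fake_resolver)


if __name__ == "__main__":
    pinned, records = demo()
    print(pinned + "\n".join(records))
```

For a real file call `pin_workflow(open(path).read(), resolve_tag_with_gh)` and re-check the result with runner-guard. Two limits worth knowing: pinning the outer reference does not pin whatever a composite action itself `uses:` internally, and the trailing `# vX.Y.Z` comment is documentation only, so re-resolve the SHA whenever the version comment is bumped rather than trusting that the two still agree.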
## Historical Trends

- zizmor: `adhoc-packages` 262 → 246 (down 16), `template-injection` (Info) 273 → 269 (down 4). High remains 0 (7th straight day).
- poutine flat: identical rule mix; `untrusted_checkout_exec` all `poutine:ignore`-annotated.
- actionlint +2: `syntax-check` 413 → 415 (still the `queue` extension false positive on all lock files).
- runner-guard flat: identical rule+file mix, zero new combos; no new issues.
- New issue types: none. Resolved issue types: none.
## Recommendations

- Immediate: none outstanding. No Critical findings; all High runner-guard combos are already triaged and closed.
- Short-term (genuinely actionable): pin the 4 RGS-007 mutable-tag actions to SHAs (fix prompt above). Optional: review RGS-019 step-output interpolation in `error-message-lint.yml` and `windows-cli-integration.yml`.
- Tooling hygiene: suppress the bundled-actionlint `queue` false positive (415 findings), e.g. configure actionlint to recognise the gh-aw `queue:` concurrency extension, so real linting regressions are not buried.
- Long-term: keep static analysis in CI; teach runner-guard about the centralized `author_association` guard to cut RGS-004 noise (302 findings) at source.
- No action required for RGS-004/012/018: tracked and closed.
## Methodology & data provenance

Parsed from `/tmp/gh-aw/agent/compile-output.txt` (compile of 251 workflows with zizmor/poutine/actionlint/runner-guard). Counts extracted by rule + severity + affected file. Dedup performed live via `gh api search/issues`. Scan data persisted to `cache-memory/security-scans/2026-06-24.json` and `index.json` (33 scans tracked).