Skip to content

Harden runner egress policy improvement #694

Harden runner egress policy improvement

Harden runner egress policy improvement #694

Triggered via pull request February 11, 2024 04:53
Status Success
Total duration 3m 19s
Artifacts 1

analysis.yml

on: pull_request
Scorecards  /  Security Scorecards
46s
Scorecards / Security Scorecards
Sonatype Nancy  /  Sonatype Nancy
22s
Sonatype Nancy / Sonatype Nancy
Semgrep Scan  /  semgrep
28s
Semgrep Scan / semgrep
Dependency Review  /  Scan dependencies for license compliance
21s
Dependency Review / Scan dependencies for license compliance
Trivy  /  Filesystem
38s
Trivy / Filesystem
Trivy  /  Container
0s
Trivy / Container
FOSSA  /  Find license compliance and security issues
FOSSA / Find license compliance and security issues
Matrix: CodeQL
Fit to window
Zoom out
Zoom in

Annotations

2 errors and 8 warnings
Dependency Review / Scan dependencies for license compliance
StepSecurity Harden Runner: DNS resolution for domain results-receiver.actions.githubusercontent.com. was blocked. This domain is not in the list of allowed-endpoints.
Scorecards / Security Scorecards
StepSecurity Harden Runner: Reverting agent since allowed endpoint *.blob.core.windows.net could not be resolved
Dependency Review / Scan dependencies for license compliance
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, actions/dependency-review-action@c090f4e553673e6e505ea70d6a95362ee12adb94. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Dependency Review / Scan dependencies for license compliance
Failed to save: reserveCache failed: connect ECONNREFUSED 54.185.253.63:443
Sonatype Nancy / Sonatype Nancy
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Semgrep Scan / semgrep
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Trivy / Filesystem
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce, github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Scorecards / Security Scorecards
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce, github/codeql-action/upload-sarif@c3b6fce4ee2ca25bc1066aa3bf73962fda0e8898. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
CodeQL (go) / CodeQL Analysis
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: step-security/harden-runner@1f99358870fe1c846a3ccba386cc2b2246836776, actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab, github/codeql-action/init@f0a12816612c7306b485a22cb164feb43c6df818, github/codeql-action/autobuild@f0a12816612c7306b485a22cb164feb43c6df818, github/codeql-action/analyze@f0a12816612c7306b485a22cb164feb43c6df818. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
CodeQL (go) / CodeQL Analysis
The "paths"/"paths-ignore" fields of the config only have effect for JavaScript, Python, and Ruby

Artifacts

Produced during runtime
Name Size
SARIF file Expired
75.8 KB