Skip to content

Security Audit & Remediation: quickstart-testing monorepo #116

Security Audit & Remediation: quickstart-testing monorepo

Security Audit & Remediation: quickstart-testing monorepo #116

Triggered via pull request June 30, 2026 21:02
@inlinedinlined
synchronize #464
Status Failure
Total duration 47s
Artifacts 2

github_actions_scan.yml Required

on: pull_request_target
check-changes
4s
check-changes
zizmor-config
9s
zizmor-config
zizmor-scan
11s
zizmor-scan
zizmor-output
12s
zizmor-output
zizmor-upload
3s
zizmor-upload
Fit to window
Zoom out
Zoom in

Annotations

8 errors and 3 warnings
zizmor-output
Process completed with exit code 1.
zizmor/unpinned-uses: .github/workflows/test.yml#L24
unpinned action reference: action is not pinned to a hash (required by blanket policy)
zizmor/unpinned-uses: .github/workflows/test.yml#L19
unpinned action reference: action is not pinned to a hash (required by blanket policy)
zizmor/unpinned-uses: .github/workflows/test.yml#L18
unpinned action reference: action is not pinned to a hash (required by blanket policy)
zizmor-output
Found 3 findings for mandatory checks that must always succeed.
unpinned-uses: .github/workflows/test.yml#L24
test.yml:24: unpinned action reference: action is not pinned to a hash (required by blanket policy)
unpinned-uses: .github/workflows/test.yml#L19
test.yml:19: unpinned action reference: action is not pinned to a hash (required by blanket policy)
unpinned-uses: .github/workflows/test.yml#L18
test.yml:18: unpinned action reference: action is not pinned to a hash (required by blanket policy)
zizmor-config
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
zizmor-upload
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
excessive-permissions: .github/workflows/test.yml#L11
test.yml:11: overly broad permissions: default permissions used due to no permissions: block

Artifacts

Produced during runtime
Name Size Digest
zizmor Expired
2.38 KB
sha256:c181eaa248c5d54409b9a19587b039240eccae2e9ab7bf8da04e7d77bf9f2b7f
zizmor-config Expired
295 Bytes
sha256:2146d2ec3bb78889bafaaabc3caa537f7e61592e23830d1ee4eb33f72ceab767