fix: Magic numbers for thresholds without configuration #214
mrwind-up-birdsecurity-audit.yml
on: pull_request
Detect Languages
/
Detect Languages
7s
Secrets
/
Secret Detection
46s
Go SAST
/
Gosec Security Scan
2m 15s
Common SAST
/
Semgrep SAST
17s
Dependencies
/
Dependency Scan
1m 42s
Python SAST
/
Bandit Security Scan
Security Gate
/
Security Gate
4s
Annotations
1 error, 11 warnings, and 1 notice
|
Security Gate / Security Gate
Unhandled error: HttpError: Resource not accessible by integration
|
|
Detect Languages / Detect Languages
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Common SAST / Semgrep SAST
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Go SAST / Gosec Security Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-go@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Go SAST / Gosec Security Scan
16 MEDIUM severity gosec finding(s)
|
|
Dependencies / Dependency Scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-go@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Dependencies / Dependency Scan
69 non-permissive license(s) found
|
|
Dependencies / Dependency Scan
4 HIGH vulnerability(ies) found
|
|
Secrets / Secret Detection
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-go@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Secrets / Secret Detection
CKB generated invalid SARIF (missing results array)
|
|
Security Gate / Security Gate
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/download-artifact@v4, actions/github-script@v7. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Security Gate / Security Gate
Security gate passed with warnings: 32 issue(s)
|
|
Detect Languages / Detect Languages
Detected Go (go.mod)
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
dependency-scan-results
Expired
|
101 KB |
sha256:de931f6e8ce6e094e79420dd1c88b07444e2a607965497c4269796ffdacc3ea9
|
|
|
gosec-results
Expired
|
3.57 KB |
sha256:bb307c3bd37e678964337872e813bd27d4fa4b71c6914323c9985c5badd37483
|
|
|
secret-scan-results
Expired
|
520 Bytes |
sha256:f3060c39e41743d2966b08ba504ab560d5ea8e1a41de7e7283f6d9f99c002944
|
|