Update #6

Merged
gedaskr-br merged 1 commit into master from core-version-changed-2
Nov 3, 2025

Conversation

@gedaskr-br
Contributor

No description provided.

@github-actions

github-actions bot commented Nov 3, 2025

🔍 YAML Linting Results

⚠️ Found 2128 YAML linting issues

Issues found:

  1. ./template.gitlab.gitlab-ci.yml:1:1: [warning] missing document start "---" (document-start)
  2. ./template.gitlab.gitlab-ci.yml:4:21: [error] trailing spaces (trailing-spaces)
  3. ./template.gitlab.gitlab-ci.yml:29:81: [error] line too long (114 > 80 characters) (line-length)
  4. ./template.gitlab.gitlab-ci.yml:37:81: [error] line too long (381 > 80 characters) (line-length)
  5. ./template.gitlab.gitlab-ci.yml:54:81: [error] line too long (135 > 80 characters) (line-length)
  6. ./template.gitlab.gitlab-ci.yml:55:81: [error] line too long (82 > 80 characters) (line-length)
  7. ./template.gitlab.gitlab-ci.yml:58:81: [error] line too long (129 > 80 characters) (line-length)
  8. ./template.gitlab.gitlab-ci.yml:62:81: [error] line too long (136 > 80 characters) (line-length)
  9. ./template.gitlab.gitlab-ci.yml:92:81: [error] line too long (142 > 80 characters) (line-length)
  10. ./template.gitlab.gitlab-ci.yml:93:81: [error] line too long (82 > 80 characters) (line-length)
    ... and 2118 more issues

💡 Run yamllint . locally to see all issues.

@gedaskr-br gedaskr-br requested a review from GedasKr November 3, 2025 18:03
@github-actions

github-actions bot commented Nov 3, 2025

🔍 Security Scan Report

Summary

  • Total Issues Found: 29
  • Scan Date: Mon Nov 3 18:03:50 UTC 2025
  • Files Scanned: 7

🚨 Critical Security Issues

📁 branch_workflow.yaml

  • Line 115:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 205:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 266:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 334:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 564:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 899:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 1223:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 200:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 295:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 405:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 1148:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 1607:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 2209:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 2601:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3106:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3544:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3780:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 171:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 262:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 355:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 451:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 922:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 1741:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 2222:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 2772:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3173:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3569:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3925:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 template.github.argo-workflows.yml

  • Line 122:
    • Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to double-quote the environment variable, like this: "$ENVVAR".

🔧 Recommendations

  1. Command Injection: Convert workflow parameters to environment variables
  2. Input Validation: Validate all user inputs before using in commands
  3. Secret Management: Use secure secret management practices
  4. Code Review: Review all identified issues before deployment

📋 Scan Details

  • Tool: Semgrep Community Rules
  • Rules Applied: Security Audit, Secrets Detection, OWASP Top 10
  • Severity Level: ERROR (Critical)

@github-actions

github-actions bot commented Nov 3, 2025

🔍 Security Scan Summary

Scans completed:

  • ✅ Semgrep static analysis
  • ✅ YAML linting

⚠️ Some security scans found issues

Please review the individual scan comments above for details.

🔗 View detailed results in the Security tab

@gedaskr-br gedaskr-br merged commit 75f463e into master Nov 3, 2025
3 checks passed
@GedasKr GedasKr deleted the core-version-changed-2 branch November 3, 2025 18:04