Update #9

Merged
GedasKr merged 1 commit into master from Workflows_Image_Update
Feb 24, 2026
Conversation

@gedaskr-br
Contributor

No description provided.

@github-actions

🔍 YAML Linting Results

⚠️ Found 2131 YAML linting issues

Issues found:

  1. ./template.gitlab.gitlab-ci.yml:1:1: [warning] missing document start "---" (document-start)
  2. ./template.gitlab.gitlab-ci.yml:4:21: [error] trailing spaces (trailing-spaces)
  3. ./template.gitlab.gitlab-ci.yml:29:81: [error] line too long (114 > 80 characters) (line-length)
  4. ./template.gitlab.gitlab-ci.yml:37:81: [error] line too long (381 > 80 characters) (line-length)
  5. ./template.gitlab.gitlab-ci.yml:54:81: [error] line too long (135 > 80 characters) (line-length)
  6. ./template.gitlab.gitlab-ci.yml:55:81: [error] line too long (82 > 80 characters) (line-length)
  7. ./template.gitlab.gitlab-ci.yml:58:81: [error] line too long (129 > 80 characters) (line-length)
  8. ./template.gitlab.gitlab-ci.yml:62:81: [error] line too long (136 > 80 characters) (line-length)
  9. ./template.gitlab.gitlab-ci.yml:92:81: [error] line too long (142 > 80 characters) (line-length)
  10. ./template.gitlab.gitlab-ci.yml:93:81: [error] line too long (82 > 80 characters) (line-length)
    ... and 2121 more issues

💡 Run yamllint . locally to see all issues.

@gedaskr-br gedaskr-br requested a review from GedasKr February 24, 2026 11:18
@github-actions

🔍 Security Scan Report

Summary

  • Total Issues Found: 29
  • Scan Date: Tue Feb 24 11:18:39 UTC 2026
  • Files Scanned: 7

🚨 Critical Security Issues

📁 branch_workflow.yaml

  • Line 115:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 205:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 266:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 334:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 564:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 899:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 branch_workflow.yaml

  • Line 1223:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 200:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 295:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 405:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 1148:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 1612:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 2214:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 2609:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3114:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3552:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 main_workflow.yaml

  • Line 3788:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 171:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 262:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 355:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 451:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 922:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 1741:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 2227:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 2777:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3178:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3574:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 mr_e2e_workflow.yaml

  • Line 3930:
    • Using input or workflow parameters in here-scripts can lead to command injection or code injection. Convert the parameters to env variables instead.

📁 template.github.argo-workflows.yml

  • Line 122:
    • Using variable interpolation ${{...}} with github context data in a run: step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. github context data can have arbitrary user input and should be treated as untrusted. Instead, use an intermediate environment variable with env: to store the data and use the environment variable in the run: script. Be sure to use double-quotes the environment variable, like this: "$ENVVAR".

🔧 Recommendations

  1. Command Injection: Convert workflow parameters to environment variables
  2. Input Validation: Validate all user inputs before using in commands
  3. Secret Management: Use secure secret management practices
  4. Code Review: Review all identified issues before deployment

📋 Scan Details

  • Tool: Semgrep Community Rules
  • Rules Applied: Security Audit, Secrets Detection, OWASP Top 10
  • Severity Level: ERROR (Critical)

@github-actions

🔍 Security Scan Summary

Scans completed:

  • ✅ Semgrep static analysis
  • ✅ YAML linting

⚠️ Some security scans found issues

Please review the individual scan comments above for details.

🔗 View detailed results in the Security tab

@GedasKr GedasKr merged commit 34403e7 into master Feb 24, 2026
3 checks passed