Supported misconfiguration detectors
The following are the misconfiguration detectors available, categorized by family / tool.
CI/CD Security
- CI/CD argument values should not flow directly into workflows
- Secrets used in workflows should not be echoed in the console
- Secrets and Credentials at organization level should not be widely shared
- Secrets should be stored explicitly as encrypted GitHub Actions Secrets
- Potential malicious code injected into files referenced by the pipeline configuration file
- Pull Requests do not execute the pipeline modifications that they include