Skip to content

security(studio): allowlist Studio variable-values endpoint #996

security(studio): allowlist Studio variable-values endpoint

security(studio): allowlist Studio variable-values endpoint #996

Triggered via pull request June 30, 2026 07:10
Status Success
Total duration 2m 29s
Artifacts

security.yml

on: pull_request
Secret Detection (Gitleaks)
14s
Secret Detection (Gitleaks)
Dependency Scan
44s
Dependency Scan
Static Analysis (Semgrep)
2m 25s
Static Analysis (Semgrep)
API Auth Audit
6s
API Auth Audit
Container Scan (Trivy)
Container Scan (Trivy)
Fit to window
Zoom out
Zoom in

Annotations

10 warnings
API Auth Audit
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Detection (Gitleaks)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Detection (Gitleaks)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Dependency Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dependency Scan
pip-audit found vulnerabilities (see output above)
Dependency Scan
Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)
Dependency Scan
Skipping VCS/URL dependencies (cannot be audited):
Static Analysis (Semgrep)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Static Analysis (Semgrep)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/