security(studio): allowlist Studio variable-values endpoint #996
security.yml
on: pull_request
Secret Detection (Gitleaks)
14s
Dependency Scan
44s
Static Analysis (Semgrep)
2m 25s
API Auth Audit
6s
Container Scan (Trivy)
Annotations
10 warnings
|
API Auth Audit
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Secret Detection (Gitleaks)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Secret Detection (Gitleaks)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Dependency Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Dependency Scan
pip-audit found vulnerabilities (see output above)
|
|
Dependency Scan
Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)
|
|
|
|
Dependency Scan
Skipping VCS/URL dependencies (cannot be audited):
|
|
Static Analysis (Semgrep)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Static Analysis (Semgrep)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|