Skip to content

security(dci): scope notification delivery per subscriber (consent + … #998

security(dci): scope notification delivery per subscriber (consent + …

security(dci): scope notification delivery per subscriber (consent + … #998

Triggered via push June 30, 2026 07:17
Status Success
Total duration 5m 1s
Artifacts

security.yml

on: push
Secret Detection (Gitleaks)
16s
Secret Detection (Gitleaks)
Dependency Scan
55s
Dependency Scan
Static Analysis (Semgrep)
2m 4s
Static Analysis (Semgrep)
API Auth Audit
5s
API Auth Audit
Container Scan (Trivy)
4m 56s
Container Scan (Trivy)
Fit to window
Zoom out
Zoom in

Annotations

12 warnings
API Auth Audit
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Detection (Gitleaks)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Secret Detection (Gitleaks)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Dependency Scan
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dependency Scan
pip-audit found vulnerabilities (see output above)
Dependency Scan
Fiona/GDAL excluded (require native GDAL/libgdal-dev build dependencies)
Dependency Scan
Skipping VCS/URL dependencies (cannot be audited):
Static Analysis (Semgrep)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Static Analysis (Semgrep)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Container Scan (Trivy)
Node.js 20 is deprecated. The following actions target Node.js 20 but are being forced to run on Node.js 24: actions/checkout@v4, github/codeql-action/upload-sarif@v3. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container Scan (Trivy)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/