Security #30
security.yml
on: schedule
Secret Scanning (gitleaks)
17s
Markdown Lint (diga/)
8s
Link Check (lychee)
2m 21s
Dependency Review
0s
OSV Scanner (manifest-CVE)
17s
OSV Scanner (private app repo)
5s
TLS Posture (testssl.sh)
8m 55s
HTTP Security Headers (Observatory)
4s
Annotations
5 errors, 8 warnings, and 1 notice
|
Markdown Lint (diga/)
Failed with exit code: 1
|
|
Multiple consecutive blank lines:
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md#L286
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md:286 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.36.1/doc/md012.md
|
|
Bare URL used:
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md#L87
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md:87:183 MD034/no-bare-urls Bare URL used [Context: "security@twobreath.com"] https://github.com/DavidAnson/markdownlint/blob/v0.36.1/doc/md034.md
|
|
Multiple consecutive blank lines:
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md#L27
diga/COMPLIANCE_MATRIX_TR1_OFFICIAL.md:27 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.36.1/doc/md012.md
|
|
Headings should be surrounded by blank lines:
diga/BSI_ASSESSMENT.md#L104
diga/BSI_ASSESSMENT.md:104 MD022/blanks-around-headings Headings should be surrounded by blank lines [Expected: 1; Actual: 0; Below] [Context: "### Volltext-Anhang"] https://github.com/DavidAnson/markdownlint/blob/v0.36.1/doc/md022.md
|
|
HTTP Security Headers (Observatory)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
OSV Scanner (private app repo)
APP_REPO_TOKEN secret not set — cross-repo scan skipped. Add a fine-grained PAT with Contents:Read on ma3u/TwoBreath-app to enable.
|
|
Markdown Lint (diga/)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, DavidAnson/markdownlint-cli2-action@v18. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
OSV Scanner (manifest-CVE)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4, github/codeql-action/upload-sarif@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
OSV Scanner (manifest-CVE)
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
|
|
Secret Scanning (gitleaks)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, gitleaks/gitleaks-action@v2. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Link Check (lychee)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
TLS Posture (testssl.sh)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Link Check (lychee)
Summary report available at: https://github.com/ma3u/TwoBreath/actions/runs/26019159684#summary-76476154714
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
gitleaks-results.sarif
|
6.61 KB |
sha256:3e28cc37fd98c3569069bf86ebdb74bfdbdee83439d99828940f508217e3fc26
|
|
|
observatory-report
|
359 Bytes |
sha256:89675cf06dad7bc5b14003bb923802d64000e272b2d2f452d3f2b274d817c747
|
|
|
osv-scanner-report
|
582 Bytes |
sha256:4f180cd0e586daccba5db69bb0b0df96eac7bed7ab0b344939bd922082468561
|
|
|
testssl-report
|
1.32 KB |
sha256:01f91cdf179f47a1264877caca578f1da32a7675012ef5c7b35831669afcb7b6
|
|