
[static-analysis] Report - 2026-06-13 #39025

@github-actions


Analysis Summary

Static analysis of 246 agentic workflows with four tools. Findings are essentially stable vs. 2026-06-12; the only movement is lock-file churn (runner-guard RGS-004 +12 as q/dev-hawk/ai-moderator each gained ~4 generated steps). No new affected files, no new rule+file combinations, no new exposure. All High runner-guard findings map to already-closed static-analysis issues, so 0 new issues were created.

  • Tools: zizmor, poutine, actionlint, runner-guard v2.6.0
  • Total Findings: 1,943 (538 + 24 + 1,053 + 328)
  • Workflows Scanned: 246 · Affected (runner-guard): 17
  • New Issues Created: 0 (all High findings map to closed issues)

Findings by Tool

| Tool | Total | High | Medium | Low | Info |
|---|---|---|---|---|---|
| zizmor (security) | 538 | 1 | 2 | 31 | 504 |
| poutine (supply chain) | 24 | 24* | | | |
| actionlint (linting) | 1,053 | | | | |
| runner-guard (taint) | 328 | 317 | 11 | | |

*poutine: 12 error, 1 warning, 11 note.

Clustered Findings

Zizmor

| Issue Type | Severity | Count | Affected |
|---|---|---|---|
| template-injection | Informational | 503 | ~245 lock files (Execute GitHub Copilot CLI step) |
| obfuscation | Low | 28 | lock files using `${{ '' }}` for GH_AW_WIKI_NOTE |
| template-injection | Low | 3 | a few lock files |
| excessive-permissions | Medium | 1 | dependabot-repair.lock.yml:392 |
| artipacked | Medium | 1 | daily-geo-optimizer.lock.yml:1569 |
| superfluous-actions | Informational | 1 | 1 lock file |
| github-env | High | 1 | dev-hawk.lock.yml:1769 |

The single High zizmor finding (github-env) already carries a # zizmor: ignore[github-env] annotation (GITHUB_SERVER_URL is set by Actions, not user input) — reviewed/accepted, persisting ~22 days.

Poutine

| Issue Type | Severity | Count | Affected |
|---|---|---|---|
| untrusted_checkout_exec | error | 12 | dependabot-worker, smoke-workflow-call(-with-inputs); all `# poutine:ignore` |
| github_action_from_unverified_creator_used | note | 8 | markdown-link-check, safedep/pmg, super-linter, setup-uv, action-add-labels |
| unverified_script_exec | note | 3 | ollama, gh-aw, trufflehog installers |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm.lock.yml (ubuntu-24.04-arm) |

Actionlint

| Issue Type | Count | Notes |
|---|---|---|
| shellcheck | 507 | shell quoting/style in generated `run:` blocks |
| syntax-check | 407 | mostly `unexpected key "queue"` for concurrency |
| permissions | 117 | unknown scope `copilot-requests` (gap in actionlint 1.7.12) |
| expression | 22 | expression syntax warnings |

Runner-Guard

| Rule | Name | Sev | Count | Affected |
|---|---|---|---|---|
| RGS-004 | Comment-Triggered Workflow w/o Author Auth Check | high | 301 | q (122), dev-hawk (91), ai-moderator (88) |
| RGS-012 | Secret Exfiltration via Outbound HTTP | high | 10 | daily-model-inventory, visual-regression-checker, daily-byok-ollama-test, docs-noob-tester, daily-multi-device-docs-tester |
| RGS-018 | Suspicious Payload Execution Pattern | high | 6 | smoke-codex, smoke-claude, daily-sentrux-report, daily-cli-performance, daily-byok-ollama-test, copilot-setup-steps |
| RGS-005 | Excessive Permissions on Untrusted Trigger | medium | 8 | ai-moderator, q, agentic_commands.yml |
| RGS-019 | Step Output Interpolated in run Block | medium | 2 | error-message-lint.yml, windows-cli-integration.yml |
| RGS-007 | Unpinned Third-Party Action (Mutable Tag) | medium | 1 | aoai-endpoint-smoke-test.yml |

Issues created: none. Every High rule+file combination maps to an already-closed [static-analysis] issue (verified via GitHub search), so per the dedup policy they are skipped.

Top Priority

1. RGS-004 (High, 301 across q/dev-hawk/ai-moderator): issue_comment/workflow_run-triggered workflows with secrets/write access. Runner-guard flags every privileged step because it cannot see the framework-level roles/activation gate that actually restricts execution; prior issues were reviewed and closed for this reason.

2. zizmor github-env (High, dev-hawk.lock.yml:1769) — annotated # zizmor: ignore[github-env]; accepted, not a live risk.

Fix Suggestion — template-injection (zizmor, 506 findings, highest volume)

Issue: zizmor flags template-injection (Informational) on the generated Execute GitHub Copilot CLI step in ~245 lock files. Affected: ~245 generated .lock.yml.

Prompt to Copilot Agent:

You are reducing zizmor `template-injection` (Informational) noise emitted by the
gh-aw COMPILER, NOT hand-editing generated .lock.yml files.

Rule: template-injection — (docs.zizmor.sh/redacted)

Problem: zizmor flags the generated "Execute GitHub Copilot CLI" step in ~245 lock
files. Informational and framework-controlled, but the volume (506) drowns out signal.

Fix (in the templates under pkg/, not the .lock.yml output):
1. Find the template emitting the "Execute GitHub Copilot CLI" step.
2. Where github.* context feeds a run: block, route it via an env: mapping and
   reference $ENV_VAR in the script body instead of inlining ${{ ... }}.
3. For provably-constant expansions, add a scoped
   `# zizmor: ignore[template-injection]` with a one-line justification.
4. Recompile and confirm the template-injection count drops.

Pattern: replace  run: echo "${{ github.event.issue.title }}"
with      env: { ISSUE_TITLE: ${{ github.event.issue.title }} }  +  run: echo "$ISSUE_TITLE"

Apply at the compiler level so the fix propagates to all ~245 lock files on recompile.

All Findings — Detail by File

Runner-guard (High): q.lock.yml RGS-004×122 · dev-hawk.lock.yml RGS-004×91 (+zizmor github-env High, annotated) · ai-moderator.lock.yml RGS-004×88 (+RGS-005) · daily-model-inventory RGS-012×4 · visual-regression-checker RGS-012×2 · daily-byok-ollama-test RGS-012×2 + RGS-018×1 · docs-noob-tester RGS-012×1 · daily-multi-device-docs-tester RGS-012×1 · smoke-codex/smoke-claude/daily-sentrux-report/daily-cli-performance/copilot-setup-steps RGS-018×1 each.

Runner-guard (Medium): RGS-005 → ai-moderator, q, agentic_commands.yml · RGS-019 → error-message-lint.yml, windows-cli-integration.yml · RGS-007 → aoai-endpoint-smoke-test.yml (azure/login@v2).

Poutine: untrusted_checkout_exec ×12 (all # poutine:ignore) → dependabot-worker, smoke-workflow-call(-with-inputs); unverified-creator ×8; unverified_script_exec ×3; pr_runs_on_self_hosted ×1 → smoke-copilot-arm.

Historical Trends

| Metric | 2026-06-12 | 2026-06-13 | Δ |
|---|---|---|---|
| zizmor | 539 | 538 | −1 |
| poutine | 24 | 24 | 0 |
| actionlint | 1,052 | 1,053 | +1 |
| runner-guard | 316 | 328 | +12 |
| Total | 1,931 | 1,943 | +12 |

New issue types: none. Resolved: none. The +12 runner-guard is entirely RGS-004 step-count growth in the same 3 known files (q/dev-hawk/ai-moderator each +4) from lock-file regeneration — not new exposure. RG severity split: High 317 / Medium 11.

Recommendations

  1. Immediate: No new action — all High findings are reviewed/closed or annotated.
  2. Short-term: Reduce zizmor template-injection volume at the compiler/template level (see fix prompt) to restore signal-to-noise.
  3. Long-term: Add a runner-guard baseline so framework-gated RGS-004 workflows (q/dev-hawk/ai-moderator) stop re-flagging every privileged step.
  4. Prevention: Whitelist the copilot-requests scope in actionlint config (known gap in 1.7.12) to clear 117 permission errors.

Next Steps

  • Reduce zizmor template-injection noise in compiler templates
  • Add a runner-guard baseline for the 3 framework-gated RGS-004 workflows
  • Suppress the copilot-requests permission-scope false positive in actionlint config
  • Continue monitoring the annotated dev-hawk github-env High finding

Generated by 📊 Static Analysis Report · 262.3 AIC · ⌖ 16.1 AIC · ⊞ 10K

  • expires on Jun 19, 2026, 10:15 PM UTC-08:00
