title | slug | url | rule | severity |
---|---|---|---|---|
Build Component with a Known Vulnerability used | known_vulnerability_in_build_component | /rules/known_vulnerability_in_build_component/ | known_vulnerability_in_build_component | warning |

A CI component was found to be affected by a publicly known security vulnerability listed in the Open Source Vulnerability Database (OSV).
A GitHub Actions workflow that uses a third-party GitHub Action with a known vulnerability puts the security of the workflow and the repository at risk.
Upgrade the affected component to a non-vulnerable version or remove the component from the workflow.
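
The check this rule describes can be sketched as follows. This is an added example, not the rule's actual implementation: it matches the `uses:` references of a workflow against OSV-style version ranges. The advisory ID, the `example-org/deploy-action` package, the versions and the workflow are all constructed placeholders.

```python
import re

# Constructed advisory data in the spirit of OSV range events; the ID,
# package name and versions are placeholders, not real advisories.
ADVISORIES = {
    "example-org/deploy-action": [
        {"id": "PLACEHOLDER-0001", "introduced": "1.0.0", "fixed": "1.4.2"},
    ],
}

# Constructed workflow for the demonstration.
WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4.1.0
      - uses: example-org/deploy-action@v1.3.0
      - uses: example-org/deploy-action/sub/path@v1.4.2
      - uses: example-org/deploy-action@main
      - uses: ./local/action
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.M)
EXACT = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")

def parse_version(ref):
    """Return (major, minor, patch) for an exact version tag, else None."""
    m = EXACT.match(ref)
    return tuple(map(int, m.groups())) if m else None

def scan(workflow_text, advisories):
    findings = []
    for ref in USES.findall(workflow_text):
        if ref.startswith(("./", "docker://")) or "@" not in ref:
            continue  # local and container steps are out of scope here
        target, pin = ref.rsplit("@", 1)
        package = "/".join(target.split("/")[:2])  # drop any sub-path
        version = parse_version(pin)
        for adv in advisories.get(package, []):
            if version is None:
                # Branch, floating tag or SHA: needs tag resolution to decide.
                findings.append((package, pin, adv["id"], "unresolved"))
            elif parse_version(adv["introduced"]) <= version < parse_version(adv["fixed"]):
                findings.append((package, pin, adv["id"], "vulnerable"))
    return findings

if __name__ == "__main__":
    for finding in scan(WORKFLOW, ADVISORIES):
        print(finding)
```

References pinned to a branch, a floating tag or a commit SHA are reported as `unresolved` because they cannot be compared to a version range until the ref is resolved to a release.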