Static Analysis Report - 2026-03-22

[github-actions[bot]]

Analysis Summary

Daily static analysis scan completed for 177 workflows using zizmor, poutine, and actionlint. All workflows compiled successfully (0 errors, 21 compiler warnings). The most critical open issue remains poutine untrusted_checkout_exec in the smoke workflow-call tests — now day 8 unresolved. Zizmor and actionlint raw counts are slightly up vs. yesterday, consistent with the stable 177-workflow baseline.

• Tools Used: zizmor, poutine, actionlint
• Workflows Scanned: 177
• Workflows Compiled: 177 (0 errors, 21 warnings)
• Total Raw Findings: 7,771 (actionlint: 3,904 · zizmor: 3,848 · poutine: 19)

Findings by Tool

Tool	Total	Critical/Error	High	Medium	Low/Note
zizmor (security)	3,848	—	10	3,815	23
poutine (supply chain)	19	6	—	1	12
actionlint (linting)	3,904	—	—	—	3,904

Top Priority Issues

1. untrusted_checkout_exec — Poutine ERROR (Day 8 Unresolved)

• Tool: poutine
• Count: 6 findings
• Severity: Error (Critical)
• Affected: smoke-workflow-call, smoke-workflow-call-with-inputs
• Description: Arbitrary code execution risk from untrusted code changes — bash scripts are executed in a context where PR/fork code could influence execution.
• Timeline: First detected 2026-03-15 · briefly resolved 2026-03-18 · re-emerged 2026-03-19 · unresolved for 8 consecutive days.
• Reference: [poutine untrusted_checkout_exec]((boostsecurityio.github.io/redacted)

2. github-env — Zizmor HIGH

• Tool: zizmor
• Count: 8 findings
• Severity: High
• Affected: ci-doctor, dev-hawk
• Description: Dangerous use of the GITHUB_ENV environment file. Writing to $GITHUB_ENV from within a step can allow environment variable injection if any prior step is compromised.
• Reference: [zizmor github-env]((docs.zizmor.sh/redacted)

3. unpinned-uses — Zizmor HIGH

• Tool: zizmor
• Count: 2 findings
• Severity: High
• Affected: daily-cli-performance, issue-monster
• Description: GitHub Actions used without pinning to a specific SHA, allowing supply chain attacks via tag mutation.
• Reference: [zizmor unpinned-uses]((docs.zizmor.sh/redacted)

4. secrets-outside-env — Zizmor MEDIUM (Systemic)

• Tool: zizmor
• Count: 3,813 findings
• Severity: Medium
• Affected: All 177 workflows (systemic — generated by framework)
• Description: Secrets referenced in run: scripts without a dedicated env: block, exposing them in process listings. This is a systemic pattern in the compiled .lock.yml output.
• Reference: [zizmor secrets-outside-env]((docs.zizmor.sh/redacted)

Clustered Findings by Tool

Zizmor Security Findings

Issue Type	Severity	Count	Affected Workflows
secrets-outside-env	Medium	3,813	All 177 (systemic)
obfuscation	Low	20	Multiple
github-env	High	8	ci-doctor, dev-hawk
unpinned-uses	High	2	daily-cli-performance, issue-monster
template-injection	Informational	3	contribution-check
secrets-inherit	Medium	1	1 workflow
artipacked	Medium	1	1 workflow

Poutine Supply Chain Findings

Issue Type	Severity	Count	Affected Workflows
untrusted_checkout_exec	Error	6	smoke-workflow-call, smoke-workflow-call-with-inputs
github_action_from_unverified_creator_used	Note	8	copilot-setup-steps, daily-copilot-token-report, mcp-inspector, smoke-codex, super-linter, link-check, vet
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	.github/actions/daily-perf-improver, .github/actions/daily-test-improver
pr_runs_on_self_hosted	Warning	1	smoke-copilot-arm

Actionlint Linting Issues

Issue Type	Count	Notes
shellcheck (SC2086)	3,862	Unquoted \$\{RUNNER_TEMP} variable — systemic in generated lock files
permissions	41	Unknown copilot-requests scope — not yet recognized by actionlint
expression	1	Property activated not defined in ace-editor.lock.yml

Fix Suggestion for untrusted_checkout_exec

Issue: Arbitrary Code Execution from Untrusted Code Changes
Severity: Error (Critical)
Affected Workflows: 2 (smoke-workflow-call, smoke-workflow-call-with-inputs)
Days Unresolved: 8

Prompt to Copilot Agent:

You are fixing a critical security vulnerability identified by poutine.

**Vulnerability**: untrusted_checkout_exec — Arbitrary Code Execution from Untrusted Code Changes
**Rule**: (boostsecurityio.github.io/redacted)

**Current Issue**:
In `smoke-workflow-call.md` and `smoke-workflow-call-with-inputs.md`, the workflow is triggered
by `workflow_call` and executes bash scripts in a job that runs after checking out code from
a potentially untrusted source (fork/PR). Poutine detects that `bash` is invoked in a context
where untrusted code from the triggering workflow could influence script execution.

The flagged lines in the compiled output are:
- `run: bash \$\{RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh`
- `run: bash \$\{RUNNER_TEMP}/gh-aw/actions/validate_prompt_placeholders.sh`
- `run: bash \$\{RUNNER_TEMP}/gh-aw/actions/print_prompt_summary.sh`

**Root Cause**: The scripts are pulled from `\$\{RUNNER_TEMP}/gh-aw/actions/` (downloaded from
the repository during checkout), so if the workflow is called from a fork with malicious script
changes, those scripts could be executed.

**Required Fix**:
Option A — Restrict to trusted refs only: Add a condition to the job to ensure it only runs
when triggered by trusted refs (non-fork, or pinned SHA). In the workflow frontmatter, add:

```yaml
on:
  workflow_call:
    # Add caller restrictions if applicable
```

In the job definition, add a guard:
```yaml
jobs:
  activation:
    if: github.event.repository.fork == false || github.event_name != 'pull_request'
```

Option B — Use repository-pinned scripts: Reference scripts from a pinned SHA rather than
the current checkout, so fork code changes cannot affect the scripts being run.

Option C — Mark as accepted risk with suppression comment: If this is a known acceptable
pattern for internal testing workflows, add a poutine suppression comment:
```yaml
# poutine:ignore untrusted_checkout_exec
run: bash \$\{RUNNER_TEMP}/gh-aw/actions/create_prompt_first.sh
```

Please review `smoke-workflow-call.md` and `smoke-workflow-call-with-inputs.md` and apply
the most appropriate fix based on the intended use of these smoke test workflows.

Historical Trends

Date	Workflows	Compiler Warns	Actionlint	Zizmor	Poutine	Key Events
2026-03-09	166	25	41	3,545	9	zizmor secrets-outside-env audit added
2026-03-14	174	40	43	3,746	12	+8 workflows
2026-03-15	173	40	43	3,744	18	NEW: untrusted_checkout_exec
2026-03-18	175	55	3,838	3,814	1	RESOLVED untrusted_checkout_exec
2026-03-19	175	34	3,871	3,839	18	REGRESSION: untrusted_checkout_exec back
2026-03-21	177	36	3,884	3,816	19	NEW: unpinned-uses daily-cli-performance
2026-03-22	177	21	3,904	3,848	19	Stable. Day 8 unresolved.

Trend Analysis

• Zizmor: +32 raw vs. yesterday — slight upward drift, consistent with minor workflow changes
• Actionlint: +20 raw vs. yesterday — slight upward drift; primarily SC2086 in generated files
• Poutine: 19 → 19 (stable)
• Compiler warnings: 36 → 21 (measurement difference — the 21 reflects compilation-phase warnings only)
• untrusted_checkout_exec: Introduced 2026-03-15, "resolved" 2026-03-18 for one day, re-emerged 2026-03-19. Now at day 8 with no resolution. This pattern suggests the fix was reverted or a new PR triggered the regression.

Compiler Warnings Detail (21 warnings)

Warning Type	Count	Affected Workflows
Missing vulnerability-alerts: read permission (dependabot toolset)	7	daily-firewall-report, deep-report, dependabot-go-checker, github-mcp-structural-analysis, github-mcp-tools-report, security-review (+ 1 more)
Experimental feature: rate-limit	3	agent-performance-analyzer, constraint-solving-potd, weekly-safe-outputs-spec-review
push-to-pull-request-branch target * without constraints	2	smoke-claude
Engine copilot does not support web-search tool	2	ci-coach, example-workflow-analyzer
Discussion category normalized to lowercase	1	commit-changes-analyzer
Experimental feature: dependencies (APM)	1	smoke-claude
Schedule fixed-time warnings	7	Various scheduled workflows

All Poutine Findings

smoke-workflow-call and smoke-workflow-call-with-inputs — untrusted_checkout_exec (Error)

• Lines 175, 277, 281 (both workflows)
• Detected usage of bash for: create_prompt_first.sh, validate_prompt_placeholders.sh, print_prompt_summary.sh

smoke-copilot-arm — pr_runs_on_self_hosted (Warning)

• Line 321: runs-on: ubuntu-24.04-arm
• Pull request job running on self-hosted runner

copilot-setup-steps — unverified_script_exec + github_action_from_unverified_creator_used (Note)

• Line 17: curl ... | bash from raw.githubusercontent.com
• Line 42: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b

daily-copilot-token-report — unverified_script_exec + github_action_from_unverified_creator_used (Note)

• Line 333: same curl | bash pattern
• Line 345: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b

mcp-inspector — github_action_from_unverified_creator_used (Note)

• Line 399: astral-sh/setup-uv@29b21a839666e60d6a2015b4010b35b7911d3590

smoke-codex — github_action_from_unverified_creator_used (Note)

• Line 1572: actions-ecosystem/action-add-labels@c96b68fec76a0987cd93957189e9abd0b9a72ff1

super-linter — github_action_from_unverified_creator_used (Note)

• Line 1113: super-linter/super-linter@61abc07d755095a68f4987d1c2c3d1d64408f1f9

link-check.yml — github_action_from_unverified_creator_used (Note)

• Lines 35, 43: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368

vet.yml — github_action_from_unverified_creator_used (Note)

• Line 25: safedep/vet-action@v1 (not pinned to SHA)

.github/actions/daily-perf-improver + .github/actions/daily-test-improver — unpinnable_action (Note)

• Local composite actions that cannot be pinned

Recommendations

1. Immediate: Investigate and resolve untrusted_checkout_exec in smoke-workflow-call and smoke-workflow-call-with-inputs (day 8 unresolved — see fix prompt above)
2. Short-term: Fix github-env (High) in ci-doctor and dev-hawk — replace >> $GITHUB_ENV with $GITHUB_OUTPUT where possible
3. Short-term: Pin unpinned actions in daily-cli-performance and issue-monster to specific SHAs
4. Medium-term: Add vulnerability-alerts: read permission to 7 workflows using the dependabot toolset
5. Long-term: The secrets-outside-env (3,813 findings) pattern is systemic in generated lock files — evaluate whether the framework can emit secrets via env: blocks to reduce this noise
6. Process: The untrusted_checkout_exec recurrence pattern (resolved then re-emerged) suggests a need for a mandatory CI check on these specific workflows

References:

• §23397364738
• §23373809986 (previous day)
• §23282876992 (regression introduced)

AI generated by Static Analysis Report · history

• expires on Mar 23, 2026, 6:34 AM UTC

[pelikhan]

/plan

[github-actions[bot]]

🚀 Plan Command has started processing this discussion comment

[github-actions[bot]]

This discussion has been marked as outdated by Static Analysis Report.

A newer discussion is available at Discussion #22385.