StepSecurity Bot comments

Results 109 comments of


                                            StepSecurity Bot

[KB] Add KB for actions/first-interaction

### Analysis ```yml Action Name: actions/first-interaction Action Type: Docker GITHUB_TOKEN Matches: repo-token,GITHUB_TOKEN,Token Stars: 394 Private: false Forks: 206 ```

[KB] Add KB for actions-rs/install

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'rust-cargo-install' # actions-rs/install # GITHUB_TOKEN not used ```

[KB] Add KB for DeLaGuardo/setup-clojure

### Analysis ```yml Action Name: DeLaGuardo/setup-clojure Action Type: Node GITHUB_TOKEN Matches: github-token,GITHUB_TOKEN,token Top language: TypeScript Stars: 118 Private: false Forks: 20 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add KB for papertigers/illumos-vm

### Analysis ```yml Action Name: papertigers/illumos-vm Action Type: Node GITHUB_TOKEN Matches: TOKEN Top language: JavaScript Stars: 3 Private: false Forks: 0 ``` ### action-security.yml

[KB] Add KB for fsfe/reuse-action

This action's `action.yml` & `README.md` doesn't contains any reference to GITHUB_TOKEN ### action-security.yml ```yaml name: 'REUSE Compliance Check' # fsfe/reuse-action # GITHUB_TOKEN not used ```

[KB] Add KB for imjasonh/setup-ko

### Analysis ```yml Action Name: imjasonh/setup-ko Action Type: Composite GITHUB_TOKEN Matches: token,GITHUB_TOKEN Stars: 10 Private: false Forks: 2 ```

[KB] Add GitHub token permissions for richardsimko/update-tag Action

### Analysis ```yml Action Name: richardsimko/update-tag Action Type: Node GITHUB_TOKEN Matches: GITHUB_TOKEN Top language: JavaScript Stars: 16 Private: false Forks: 8 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add GitHub token permissions for fossa-contrib/fossa-action Action

### Analysis ```yml Action Name: fossa-contrib/fossa-action Action Type: Node GITHUB_TOKEN Matches: token,github-token Top language: TypeScript Stars: 15 Private: false Forks: 4 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...

[KB] Add GitHub token permissions for twisted/python-info-action Action

### Analysis ```yml Action Name: twisted/python-info-action Action Type: Composite GITHUB_TOKEN Matches: token Stars: 0 Private: false Forks: 3 ```

[KB] Add GitHub token permissions for JS-DevTools/npm-publish Action

### Analysis ```yml Action Name: JS-DevTools/npm-publish Action Type: Node GITHUB_TOKEN Matches: token,TOKEN Top language: JavaScript Stars: 380 Private: false Forks: 55 ``` ### Endpoints Found |Endpoint | Permission| |---------| ----------|...