Caleb Brown
Second-order command injection attacks are also possible if attacker-controlled input is passed from a workflow to a vulnerable action. For example: - this workflow looks safe: [github.com/wayou/wayou.github.io/.github/workflows/main.yml](https://github.com/wayou/wayou.github.io/blob/3484aaa3ae322adbaeff668ec93130a35018e182/.github/workflows/main.yml) -...
There are a few options here: 1. pull all the images when each worker pod starts 2. pull the images the first time they are needed (this is basically how...
Now available in sandbox images: - git - curl - wget
So after experimenting with a rudimentary approach to diffing, one of the hurdles to overcome will be correctly handling the following scenarios: - mktemp, its variants, and other temporary file...
Thanks for the bug report! I will try and reproduce this on my M1 MacBook Pro.
I ran into this issue while trying to get it to run: https://github.com/docker/for-mac/issues/6297
@tom-pryke do you have any more details on how you're running this and the version of Docker/Docker Compose you're using? I suspect the kernel Docker is using on the M1...
Thanks for those details. I've spent some more time researching this, and: 1. the package-analysis project is built to run on amd64/x86_64 architectures 1. Docker for M1 Mac (arm64) supports...
I will leave this bug open to track documentation updates to help users on M1 Macs (or any other non-amd64 architectures).
I suspect `/tmp/results` may be owned by an underprivileged user the process in the docker container is unable to write into. You may need to `chown` or `chmod` `/tmp/results` to...