🔍 Static Analysis Report - November 4, 2025 (Full Scan)

[github-actions[bot]]

🔍 Static Analysis Report - November 4, 2025

Executive Summary

Completed comprehensive static analysis of 66 agentic workflows using three security tools: zizmor, poutine, and actionlint. All workflows were successfully compiled and scanned for security vulnerabilities and code quality issues.

Key Findings:

• 1 High severity security issue discovered in smoke-detector workflow (dangerous workflow trigger)
• 9 Low severity findings related to template injection in MCP setup steps
• 3 workflows have missing permission configurations
• 0 findings from poutine (supply chain security) - excellent supply chain security posture

Urgency: The High severity dangerous-triggers finding in smoke-detector requires immediate attention as it represents a known attack vector for GitHub Actions workflows.

---

Analysis Summary

• Tools Used: zizmor (security), poutine (supply chain), actionlint (linting)
• Total Findings: 13 security/configuration issues
• Workflows Scanned: 66 workflows
• Workflows Compiled: 66 workflows (100% success rate)
• Compilation Warnings: 15 warnings (non-security related)

Findings by Tool

Tool	Total	Critical	High	Medium	Low	Info
zizmor (security)	10	0	1	0	9	0
poutine (supply chain)	0	0	0	0	0	0
actionlint (linting)	0	0	0	0	0	0
Permission Warnings	3	0	0	3	0	0

Findings Distribution by Severity

Critical: 0
High:     1 ████████████████████ (dangerous-triggers)
Medium:   3 ████████████████████████████████████████████████████████████ (permission warnings)
Low:      9 ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ (template-injection)

---

Detailed Findings by Tool

🔴 Zizmor Security Findings (10 total)

1. Dangerous Triggers (HIGH SEVERITY) ⚠️

Severity: High | Count: 1 occurrence | Rule: dangerous-triggers

Affected Workflow:

• smoke-detector.lock.yml (line 54)

Description:
The workflow uses workflow_run trigger with wildcard branch patterns (copilot/*), which is fundamentally insecure. This trigger allows workflows to run in a privileged context (base branch) even when triggered by potentially untrusted code from pull requests or feature branches.

Security Impact:

• Workflow runs with elevated permissions (read/write access)
• Can access repository secrets
• Malicious actors can craft pull requests that trigger workflows with arbitrary code execution
• Known attack vector for GitHub Actions (CVE-level risk)

Location:

# smoke-detector.lock.yml:54
on:
  workflow_run:
    branches:
      - copilot/*  # ⚠️ Wildcard branches with workflow_run is dangerous
    types:
      - completed
    workflows:
      - Smoke Claude
      - Smoke Codex
      - Smoke Copilot

Reference: (redacted)#dangerous-triggers

---

2. Template Injection (LOW SEVERITY)

Severity: Low | Count: 9 occurrences | Rule: template-injection

Affected Workflows:

Workflow	Occurrences	Line	Step Name
duplicate-code-detector	4	1029	Setup MCPs
mcp-inspector	1	1105	Setup MCPs
smoke-codex	4	1011	Setup MCPs

Description:
Template expressions in MCP setup steps could allow code injection if user-controlled data flows into these expressions. While marked as Low severity, this can escalate if attackers can control issue titles, PR names, or workflow inputs that feed into these templates.

Pattern Identified:
All occurrences are in "Setup MCPs" steps where MCP (Model Context Protocol) servers are configured. The template expressions likely involve dynamic configuration that could be influenced by external inputs.

Example Location:

# duplicate-code-detector.lock.yml:1029
- name: Setup MCPs
  env:
    GITHUB_MCP_SERVER_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
    # Template expressions in env vars or run commands

Reference: (redacted)#template-injection

---

🟢 Poutine Supply Chain Security (0 findings)

Excellent News! Poutine detected zero supply chain security issues across all 66 workflows.

This indicates:

• ✅ No unpinned actions or third-party dependencies
• ✅ No use of self-hosted runners with public repositories
• ✅ No script injection vulnerabilities in supply chain
• ✅ Proper action version pinning throughout workflows

---

🔵 Actionlint Linting (0 errors in compilation output)

No actionlint errors were reported in the compilation output. This represents a significant improvement from previous scans which detected shellcheck issues (SC2086, SC2012, etc.).

Note: Previous scans detected 141 actionlint findings, primarily shellcheck warnings. The absence of these in the current output may indicate either:

1. They were fixed since the last scan
2. They are not displayed during compilation (only stored in lock files)
3. Compilation focuses on security issues rather than linting warnings

---

⚙️ Permission Configuration Issues (3 workflows)

Workflow	Missing Permissions	Required By	Severity
example-permissions-warning.md	contents: write(br)issues: write(br)pull-requests: write	repos, issues, pull_requests toolsets	Medium
python-data-charts.md	issues: read(br)pull-requests: read	issues, pull_requests toolsets	Medium
test-secret-masking.md	issues: read(br)pull-requests: read	issues, pull_requests toolsets	Medium

Impact: These workflows will fail at runtime when attempting to access GitHub APIs without proper permissions.

Fix: Add missing permissions to workflow frontmatter:

permissions:
  contents: write       # For repos operations
  issues: write         # For creating/updating issues
  pull-requests: write  # For PR operations

---

Compilation Warnings (15 total)

These are non-security warnings but indicate potential configuration or compatibility issues:

By Type

Warning Type	Count	Sample Workflows Affected
Network firewalling	7	artifacts-summary, audit-workflows, blog-auditor
Action resolution	4	artifacts-summary, audit-workflows
Web search support	2	changeset, daily-news
Pip package validation	3	mcp-inspector, pdf-summary, scout
Agent configuration	1	technical-doc-writer

Note: These warnings don't represent security vulnerabilities but should be addressed for workflow reliability.

---

Priority Issues & Recommendations

🔴 URGENT (Fix Immediately)

1. Fix dangerous-triggers in smoke-detector (HIGH SEVERITY)

Risk Level: HIGH - CVE-level vulnerability
Affected: smoke-detector.lock.yml
Recommended Fix: Replace workflow_run trigger with workflow_call pattern

Detailed Fix Instructions

Current (Insecure):

on:
  workflow_run:
    branches:
      - copilot/*  # Vulnerable!
    types:
      - completed
    workflows:
      - Smoke Claude
      - Smoke Codex
      - Smoke Copilot

Recommended Fix:

on:
  workflow_call:
    inputs:
      workflow_name:
        description: 'Name of the workflow that completed'
        required: true
        type: string
      run_id:
        description: 'Run ID of the completed workflow'
        required: true
        type: string
      conclusion:
        description: 'Conclusion of the workflow run'
        required: true
        type: string

jobs:
  investigate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
    steps:
      - uses: actions/checkout@v4
      
      - name: Investigate failure
        if: inputs.conclusion == 'failure'
        env:
          RUN_ID: ${{ inputs.run_id }}
          WORKFLOW_NAME: ${{ inputs.workflow_name }}
        run: |
          # Safe investigation logic here

Then modify smoke test workflows to call this workflow:

jobs:
  smoke-test:
    # ... test steps ...
    
  investigate-on-failure:
    needs: smoke-test
    if: failure()
    uses: ./.github/workflows/smoke-detector.yml
    with:
      workflow_name: ${{ github.workflow }}
      run_id: ${{ github.run_id }}
      conclusion: failure
    permissions:
      contents: read
      issues: write

Why this is safer:

• workflow_call doesn't expose elevated privileges to untrusted code
• Explicit input validation and type checking
• Minimal permissions (contents: read, issues: write)
• No access to secrets from triggering workflow

Reference: See /tmp/gh-aw/cache-memory/fix-templates/zizmor-dangerous-triggers.md for complete fix guide

---

🟡 HIGH PRIORITY (Fix Soon)

2. Review and mitigate template-injection warnings (LOW SEVERITY)

Risk Level: LOW (can escalate to HIGH if user input flows into templates)
Affected: 3 workflows, 9 occurrences
Recommended Fix: Move template expressions to environment variables

Fix Pattern for Template Injection

Current Pattern (Potentially Vulnerable):

- name: Setup MCPs
  run: |
    mcp configure --option "${{ github.event.inputs.config }}"

Recommended Fix:

- name: Setup MCPs
  env:
    MCP_CONFIG: ${{ github.event.inputs.config }}
  run: |
    # Validate config before using
    if [[ "$MCP_CONFIG" =~ [^\w\-\.] ]]; then
      echo "Invalid config format"
      exit 1
    fi
    mcp configure --option "$MCP_CONFIG"

Key Principles:

1. Move ${{ }} expressions from run: to env:
2. Add input validation before using variables
3. Use double quotes around variables in bash
4. Sanitize user-controlled data

Apply to:

• duplicate-code-detector.lock.yml:1029
• mcp-inspector.lock.yml:1105
• smoke-codex.lock.yml:1011

Reference: See /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection.md for complete fix guide

---

🟢 MEDIUM PRIORITY (Address This Week)

3. Add missing permissions to 3 workflows

Risk Level: MEDIUM (workflows will fail at runtime)
Affected: example-permissions-warning, python-data-charts, test-secret-masking
Recommended Fix: Add permission blocks to workflow frontmatter

Fix Instructions

Add the following to each workflow's frontmatter:

For example-permissions-warning.md:

---
permissions:
  contents: write
  issues: write
  pull-requests: write
---

For python-data-charts.md and test-secret-masking.md:

---
permissions:
  issues: read
  pull-requests: read
---

Why this matters:

• Workflows will fail when trying to use GitHub toolsets without proper permissions
• Better to declare permissions explicitly than rely on defaults
• Follows security principle of least privilege

---

Historical Comparison

Comparing with previous scan (2025-11-04 09:10 AM):

Metric	Morning Scan	Current Scan	Change
Workflows Scanned	68	66	-2
Total Findings	36	13	-23 (64% reduction)
High Severity	1	1	No change
Low Severity	8	9	+1
Zizmor Findings	12	10	-2
Poutine Findings	0	0	No change
Actionlint Findings	24	0	-24

Key Trends:

• ✅ 64% reduction in total findings (likely due to different reporting methodology)
• ⚠️ dangerous-triggers issue persists (same High severity finding)
• ✅ Poutine continues to find zero supply chain issues (excellent security posture)
• ❓ Actionlint findings not visible in current compilation output (may be stored in lock files)

---

Recommendations Summary

Immediate Actions (This Week)

1. ✅ Fix dangerous-triggers in smoke-detector (HIGH SEVERITY)

   • Replace workflow_run with workflow_call pattern
   • See fix template: /tmp/gh-aw/cache-memory/fix-templates/zizmor-dangerous-triggers.md

2. ✅ Review template-injection in MCP setup steps (9 occurrences)

   • Move template expressions to environment variables
   • Add input validation
   • See fix template: /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection.md

3. ✅ Add missing permissions to 3 workflows

   • example-permissions-warning.md
   • python-data-charts.md
   • test-secret-masking.md

Process Improvements (This Month)

4. 🔄 Add zizmor to CI/CD pipeline

   • Run static analysis on all workflow changes
   • Block PRs with High/Critical findings

5. 🔄 Create workflow templates with secure defaults

   • Pre-configured permissions
   • Safe template expression patterns
   • Input validation examples

6. 🔄 Review wildcard branch patterns in workflow triggers

   • Audit all uses of workflow_run trigger
   • Consider alternatives for cross-workflow communication

7. 🔄 Address compilation warnings

   • Network firewalling for Claude workflows
   • Validate pip package dependencies
   • Fix technical-doc-writer agent configuration

---

Testing & Verification

After applying fixes:

1. ✅ Re-compile workflows with static analysis:

   gh aw compile --workflow=smoke-detector --zizmor --poutine --actionlint

2. ✅ Verify zizmor no longer reports dangerous-triggers:

   # Expected: 0 findings
   gh aw compile --workflow=smoke-detector --zizmor | grep dangerous-triggers

3. ✅ Test workflow with safe inputs to ensure functionality preserved

4. ✅ Update this report with "FIXED" status for resolved issues

---

Resources & References

Fix Templates (in cache memory)

• dangerous-triggers: /tmp/gh-aw/cache-memory/fix-templates/zizmor-dangerous-triggers.md
• template-injection: /tmp/gh-aw/cache-memory/fix-templates/zizmor-template-injection.md

Documentation

• Zizmor Documentation
• GitHub Actions Security Hardening
• Preventing Pwn Requests

Scan Data

• Current Scan: /tmp/gh-aw/cache-memory/security-scans/2025-11-04-full-scan.json
• Scan Index: /tmp/gh-aw/cache-memory/security-scans/index.json

---

Next Steps

1. Create fix PR for dangerous-triggers in smoke-detector workflow
2. Schedule review of template-injection findings with security team
3. Add permissions to 3 workflows with configuration issues
4. Run follow-up scan after fixes to verify resolution
5. Update workflow templates to prevent similar issues in future workflows

---

Scan Information:

• Date: 2025-11-04
• Time: 17:44 UTC
• Scan Type: Full scan (66 workflows)
• Tools: zizmor 0.x, poutine 0.x, actionlint 1.x
• Repository: githubnext/gh-aw
• Workflow Run: §19077749966

---

🤖 This report was automatically generated by the Static Analysis Report Agent using the gh-aw MCP server.

AI generated by Static Analysis Report

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.