Detecting and fixing incorrect YAML samples #3165

Open: mnocon wants to merge 1 commit into 5.0 from test-yamls

Detecting and fixing incorrect YAML samples

a0c14b5
GitHub Advanced Security / SonarCloud failed Jun 23, 2026 in 2s

1 new alert including 1 high severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 high

See annotations below for details.

Annotations

Check failure on line 103 in .github/workflows/code_samples.yaml

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections High

The expression github.head_ref can be set by an external actor to a specially crafted value, enabling script injection. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.