
[static-analysis] Report - 2026-04-17 #26933

Analysis Summary

Daily static analysis scan of all agentic workflow files in github/gh-aw.

  • Tools Used: zizmor, poutine, actionlint, runner-guard
  • Total Findings: ~240 (112 actionlint + ~107 zizmor + ~21 poutine + 0 runner-guard)
  • Workflows Scanned: 194
  • Workflows Affected: ~55+
  • Workflow Run: §24583641830

Findings by Tool

| Tool | Total | Critical | High | Medium | Low | Informational/Note |
|---|---|---|---|---|---|---|
| zizmor (security) | ~107 | 0 | 1 | 1 | 21 | ~84 |
| poutine (supply chain) | ~21 | 0 | 0 | 0 | 0 | 21 (8 errors, 1 warn, 12 notes) |
| actionlint (linting) | 112 | 112 errors (no severity breakdown) | | | | |
| runner-guard (taint analysis) | 0 | 0 | 0 | 0 | 0 | 0 |

Clustered Findings by Tool and Type

Zizmor Security Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| github-env | High | 1 | dev-hawk |
| secrets-inherit | Medium | 1 | smoke-call-workflow |
| obfuscation | Low | 21 | agent-performance-analyzer, audit-workflows, copilot-agent-analysis, copilot-cli-deep-research, copilot-pr-nlp-analysis, copilot-pr-prompt-analysis, copilot-session-insights, copilot-token-audit, copilot-token-optimizer, daily-cli-performance, daily-code-metrics, daily-news, daily-testify-uber-super-expert, deep-report, delight, discussion-task-miner, firewall-escape, metrics-collector, pr-triage-agent, security-compliance, workflow-health-manager |
| template-injection | Informational | ~84 | ~28 workflows (3 instances each, "Start MCP Gateway" step pattern) |

Poutine Supply Chain Findings

| Issue Type | Severity | Count | Affected Workflows |
|---|---|---|---|
| untrusted_checkout_exec | error | 8 | smoke-workflow-call, smoke-workflow-call-with-inputs |
| pr_runs_on_self_hosted | warning | 1 | smoke-copilot-arm |
| unverified_script_exec | note | ~6 | copilot-token-optimizer, copilot-token-audit, copilot-setup-steps.yml |
| github_action_from_unverified_creator_used | note | ~7 | astral-sh/setup-uv, gaurav-nelson/github-action-markdown-link-check, super-linter/super-linter, actions-ecosystem/action-add-labels |
| unpinnable_action | note | 2 | .github/actions/daily-perf-improver, .github/actions/daily-test-improver |

Actionlint Linting Issues

| Issue Type | Count | Affected Workflows |
|---|---|---|
| permissions: unknown scope copilot-requests | 101 | ~50 workflows (2× each) |
| expression: undefined output property | 11 | ace-editor (.activated), smoke-claude (.artifact_prefix ×2), smoke-workflow-call (4× job.*), smoke-workflow-call-with-inputs (4× job.*) |

Runner-Guard Taint Analysis Findings

Runner-Guard ran successfully but produced no findings in this scan.

Issues created: none

Top Priority Issues

1. github-env — Dangerous Environment File Usage

  • Tool: zizmor
  • Count: 1
  • Severity: High
  • Affected: dev-hawk.md (compiled line 1381)
  • Description: A run: step writes to $GITHUB_ENV in the ghes-host-config step, deriving GH_HOST from GITHUB_SERVER_URL.
  • Impact: If attacker-controlled input can influence values written to GITHUB_ENV, this enables env variable injection persisting across all subsequent steps.
  • Reference: (docs.zizmor.sh/redacted)

2. untrusted_checkout_exec — Arbitrary Code Execution (Poutine)

  • Tool: poutine
  • Count: 8 occurrences across 2 workflows
  • Severity: error
  • Affected: smoke-workflow-call.md, smoke-workflow-call-with-inputs.md
  • Description: Bash scripts executed after checkout of potentially untrusted code.
  • Note: Steps have # poutine:ignore untrusted_checkout_exec suppressions — risk is acknowledged.

3. permissions — Unknown Scope copilot-requests (Actionlint)

  • Tool: actionlint
  • Count: 101
  • Severity: error
  • Affected: ~50 workflows
  • Description: actionlint 1.7.12 does not recognize copilot-requests as a valid permission scope.
  • Impact: Likely false positives — copilot-requests is a newer permission scope not yet in actionlint's schema.

Fix Suggestion for github-env (Highest Real Severity)

Issue: Dangerous use of $GITHUB_ENV in dev-hawk.md
Severity: High
Affected Workflows: 1

Prompt to Copilot Agent:

You are fixing a security vulnerability identified by zizmor in .github/workflows/dev-hawk.md.

**Vulnerability**: Dangerous use of GITHUB_ENV environment file
**Rule**: github-env — (docs.zizmor.sh/redacted)
**Severity**: High

**Current Issue**:
The step with id: ghes-host-config (around compiled line 1381) writes to $GITHUB_ENV.
Comment says: "Derive GH_HOST from GITHUB_SERVER_URL so the gh CLI targets the correct GitHub instance."

**Required Fix** (choose one):

Option A — Use $GITHUB_OUTPUT instead of $GITHUB_ENV:
Before:
  - id: ghes-host-config
    shell: bash
    run: |
      GH_HOST=$(echo "$GITHUB_SERVER_URL" | sed 's|https://||')
      echo "GH_HOST=$GH_HOST" >> $GITHUB_ENV

After:
  - id: ghes-host-config
    shell: bash
    run: |
      GH_HOST=$(echo "$GITHUB_SERVER_URL" | sed 's|https://||')
      echo "gh_host=$GH_HOST" >> $GITHUB_OUTPUT

Then update downstream steps to use:
  env:
    GH_HOST: ${{ steps.ghes-host-config.outputs.gh_host }}

Option B — Add suppression comment if value is from trusted source only:
  - id: ghes-host-config
    shell: bash
    run: |
      # zizmor: ignore[github-env] — value derived exclusively from trusted GITHUB_SERVER_URL
      GH_HOST=$(echo "$GITHUB_SERVER_URL" | sed 's|https://||')
      echo "GH_HOST=$GH_HOST" >> $GITHUB_ENV

Please apply Option A (preferred) or Option B to .github/workflows/dev-hawk.md.

All Findings Details

Actionlint Expression Errors (11 instances)

ace-editor.lock.yml

  • Line 609: needs.activation.outputs.activated — property activated not defined in activation output type
    • Condition: if: needs.activation.outputs.activated == 'true'

smoke-claude.lock.yml

  • Lines 871, 2487: needs.activation.outputs.artifact_prefix — property not defined
    • Used as: name: ${{ needs.activation.outputs.artifact_prefix }}apm

smoke-workflow-call.lock.yml & smoke-workflow-call-with-inputs.lock.yml

  • 4 properties each: job.workflow_repository, job.workflow_sha, job.workflow_ref, job.workflow_file_path — not in actionlint's job context schema

Zizmor Findings Detail

dev-hawk.lock.yml — github-env (High)

  • Line: 1381
  • Step id: ghes-host-config
  • Description: Writes to $GITHUB_ENV, setting GH_HOST derived from GITHUB_SERVER_URL

smoke-call-workflow.lock.yml — secrets-inherit (Medium)

  • Line: 911
  • Description: Calls ./.github/workflows/smoke-workflow-call.lock.yml — secrets unconditionally inherited

Obfuscation (Low) — GH_AW_WIKI_NOTE: ${{ '' }}

Pattern: empty string expression ${{ '' }} used in env var — flagged as obfuscated usage
Affected 21 workflows (see table above)

Template-Injection (Informational)

Step name pattern "Start MCP Gateway" and similar in ~28 workflows triggers informational warnings.
(Likely false positives from step-name analysis rather than actual injection vectors.)

Poutine Findings Detail

smoke-workflow-call.lock.yml — untrusted_checkout_exec (error, 4 instances)

Lines 199, 226, 327, 332 — bash scripts run after untrusted checkout (all have # poutine:ignore suppressions)

smoke-workflow-call-with-inputs.lock.yml — untrusted_checkout_exec (error, 4 instances)

Lines 196, 223, 332, 337 — same pattern

smoke-copilot-arm.lock.yml — pr_runs_on_self_hosted (warning)

Job agent runs on ubuntu-24.04-arm

Unverified Script Execution (notes)

curl -fsSL https://raw.githubusercontent.com/github/gh-aw/refs/heads/main/install-gh-aw.sh | bash
Affected: copilot-token-optimizer, copilot-token-audit, copilot-setup-steps.yml

Unverified Creator Actions (notes)

  • astral-sh/setup-uv@eac588ad... — copilot-token-optimizer, copilot-token-audit, copilot-setup-steps.yml
  • astral-sh/setup-uv@cec208311... — mcp-inspector
  • gaurav-nelson/github-action-markdown-link-check@5c5dfc0a... — link-check.yml (×2)
  • super-linter/super-linter@9e863354... — super-linter.lock.yml
  • actions-ecosystem/action-add-labels@c96b68fe... — smoke-codex.lock.yml

Unpinnable Actions (notes)

  • .github/actions/daily-perf-improver/build-steps/action.yml
  • .github/actions/daily-test-improver/coverage-steps/action.yml

Historical Trends

  • Previous Scan: 2026-04-16 (§24530583278)
  • Previous Total Findings: ~244
  • Current Total Findings: ~240
  • Change: -4 findings (-1.6%)
  • Workflows Scanned: 194 (was 192, +2 new workflows)

Recurring Issues (seen in both scans)

  • github-env in dev-hawk (zizmor High) — not yet fixed
  • untrusted_checkout_exec in smoke-workflow-call workflows (poutine error) — not yet fixed
  • permissions:copilot-requests across ~50 workflows (actionlint) — not yet fixed

New Issues

None identified compared to previous scan.

Resolved Issues

None identified.

Recommendations

  1. Immediate: Fix github-env High severity finding in dev-hawk.md — either refactor to $GITHUB_OUTPUT or add explicit suppression comment
  2. Short-term: Update actionlint configuration to allowlist copilot-requests permission scope (eliminates 101 false-positive errors)
  3. Short-term: Fix expression errors for undefined output properties in ace-editor, smoke-claude, and smoke-workflow-call workflows
  4. Medium-term: Address secrets-inherit in smoke-call-workflow — consider explicit secret passing
  5. Long-term: Replace curl | bash install patterns with pinned releases to address poutine supply chain notes
  6. Prevention: Update workflow templates to avoid ${{ '' }} obfuscation patterns

Next Steps

  • Fix github-env High severity in dev-hawk.md
  • Add actionlint config to ignore copilot-requests permission scope
  • Fix expression errors for undefined output properties
  • Review secrets-inherit in smoke-call-workflow.md

Generated by Static Analysis Report · expires on Apr 24, 2026, 7:55 PM UTC
