
improv(ci): Added comments in workflow files triggering Excessive Secret Exposure Alert #4367


Merged
merged 1 commit into from
Aug 22, 2025

Conversation

sdangol
Contributor

@sdangol sdangol commented Aug 21, 2025

Summary

This PR adds comments for the justification of the excessive secret exposure alert as identified by CodeQL. The finding is a false positive, since the secrets are scoped down to specific environments, each of which has only the secrets it needs.

Changes


  • Added comments in the workflow file about the justification of the use of dynamically accessed secrets


Issue number: closes #4365


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.
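The pattern the PR description refers to, as an added illustration that is not the project's own workflow file: CodeQL flags a step that indexes `secrets` with a computed key because the expression could, in principle, read any secret the job can see. The exposure is bounded when the job declares an `environment:`, because environment-scoped secrets are only available to jobs that target that environment, so a dynamic lookup can never reach more than the handful of secrets that environment holds. The job names, environment names and secret names below are hypothetical, and the justification comment is the kind this PR adds.

```yaml
# Hypothetical workflow, constructed for illustration (not from the repository).
name: deploy

on:
  push:
    branches: [main]

jobs:
  # Weak form: no environment is declared, so the dynamic index below can
  # resolve against every repository-level secret, which is what the
  # "excessive secret exposure" finding is about.
  deploy-unscoped:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        region: [eu-west-1, us-east-1]
    steps:
      - run: ./deploy.sh "${{ matrix.region }}"
        env:
          ROLE_ARN: ${{ secrets[format('ROLE_ARN_{0}', matrix.region)] }}

  # Hardened form: the job targets one environment per matrix entry, so the
  # same dynamic lookup can only see the secrets defined for that environment.
  deploy-scoped:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        region: [eu-west-1, us-east-1]
    # Environment names are hypothetical; each environment holds only the
    # secrets its deployment needs (e.g. a single ROLE_ARN_<region>).
    environment: deploy-${{ matrix.region }}
    steps:
      # CodeQL: dynamically accessed secret is intentional. The job is scoped
      # to a single environment that contains only the secrets it needs, so
      # the computed key cannot expose anything beyond that environment.
      - run: ./deploy.sh "${{ matrix.region }}"
        env:
          ROLE_ARN: ${{ secrets[format('ROLE_ARN_{0}', matrix.region)] }}
```

When reviewing a suppression like this, the check that matters is that the secret actually lives in the environment (Settings > Environments) rather than at repository or organization level; a repository-level secret with the same name would still be reachable from the scoped job, and the justification comment would then be wrong.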

@sdangol sdangol self-assigned this Aug 21, 2025
@pull-request-size pull-request-size bot added the size/M PR between 30-99 LOC label Aug 21, 2025
@sdangol sdangol requested a review from sthulb August 21, 2025 13:20
@boring-cyborg boring-cyborg bot added the automation This item relates to automation label Aug 21, 2025
@pull-request-size pull-request-size bot added size/L PRs between 100-499 LOC and removed size/M PR between 30-99 LOC labels Aug 21, 2025
@sdangol sdangol force-pushed the improv/excessive-secret-exposure branch from ad26eca to 927e00a Compare August 22, 2025 08:29
@pull-request-size pull-request-size bot added size/M PR between 30-99 LOC and removed size/L PRs between 100-499 LOC labels Aug 22, 2025

@sdangol sdangol changed the title improv(ci): Removed dynamically accessed secrets to avoid excessive secret exposure improv(ci): Added comments in workflow files triggering Excessive Secret Exposure Alert Aug 22, 2025
@sdangol sdangol merged commit 551c34c into main Aug 22, 2025
44 checks passed
@sdangol sdangol deleted the improv/excessive-secret-exposure branch August 22, 2025 08:36
Labels
automation This item relates to automation size/M PR between 30-99 LOC
Development

Successfully merging this pull request may close these issues.

Maintenance: Avoid Excessive Secret Exposure through dynamically accessed secrets in workflow
2 participants