#331 will add composite action support. From there, the current audits need to be extended to work with composite actions, where appropriate. - [x] artipacked #896 - [x] dangerous-triggers (N/A) - [x] excessive-permissions (N/A) - [x] hardcoded-container-credentials (N/A?) - [x] impostor-commit: #331 - [x] known-vulnerable-actions @ubiratansoares #367 - [x] ref-confusion @ubiratansoares #365 - [x] self-hosted-runner (N/A?) - [x] template-injection: #331 - [x] use-trusted-publishing #899 - [x] unpinned-uses @ubiratansoares #364 - [x] insecure-commands #359 - [x] github-env #358 - [x] cache-poisoning (N/A?)
#331 will add composite action support. From there, the current audits need to be extended to work with composite actions, where appropriate.