Skip to content

fix: dicht systemische template-injectie in OPI-manifesten #172

fix: dicht systemische template-injectie in OPI-manifesten

fix: dicht systemische template-injectie in OPI-manifesten #172

Triggered via pull request May 21, 2026 11:50
Status Success
Total duration 1m 33s
Artifacts 4

security.yml

on: pull_request
Python dependency audit
42s
Python dependency audit
Generate SBOM
Generate SBOM
Matrix: container-scan
Fit to window
Zoom out
Zoom in

Annotations

9 warnings
Python dependency audit
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5, astral-sh/setup-uv@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container scan - rig-backup
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809, actions/checkout@v4, docker/build-push-action@v6, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container scan - rig-backup
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Container scan - cmp-kustomize-sops
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809, actions/checkout@v4, docker/build-push-action@v6, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container scan - cmp-kustomize-sops
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Container scan - postgresql-with-dictionaries
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809, actions/checkout@v4, docker/build-push-action@v6, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container scan - postgresql-with-dictionaries
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
Container scan - operations-manager
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809, actions/checkout@v4, docker/build-push-action@v6, docker/setup-buildx-action@v3, github/codeql-action/upload-sarif@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Container scan - operations-manager
CodeQL Action v3 will be deprecated in December 2026. Please update all occurrences of the CodeQL Action in your workflow files to v4. For more information, see https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

Artifacts

Produced during runtime
Name Size Digest
RijksICTGilde~RIG-Cluster~D0JFDP.dockerbuild
68.9 KB
sha256:87ba1bbe28bd751e0b9626e7ce27aa2e521ffc542950507c581dfc89f9403a62
RijksICTGilde~RIG-Cluster~IBGXMX.dockerbuild
73.5 KB
sha256:c5cd8b4d25c2611af9ed74bdb495491bdca094de2ee6500e40066b47cba55239
RijksICTGilde~RIG-Cluster~MDH27G.dockerbuild
49.6 KB
sha256:2b44819b4963f34f51eda43f72ad74781576df38c38cbc679b0d668c772abdd8
RijksICTGilde~RIG-Cluster~WE8KGB.dockerbuild
41.5 KB
sha256:1170e475f0ae3632789105c00e604b67699477532b6a852f832185e45918f161