TT-15793 added workflow to Suggest target branches #7511
Merged
probelabs / Visor: security
succeeded
Nov 6, 2025 in 4m 0s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🐛 Issues by Category
🔐 Security (1)
⚠️ .github/workflows/intelligent-branch-recomendations.yml:16 - The reusable workflow is pinned to a mutable branch (`main`), which creates a supply chain risk. If the `main` branch of the source repository (`TykTechnologies/github-actions`) is compromised, malicious code could be executed. The risk is elevated because the workflow has `pull-requests: write` permissions and access to a `JIRA_TOKEN` secret.
Powered by Visor from Probelabs
Annotations
Check warning on line 16 in .github/workflows/intelligent-branch-recomendations.yml
probelabs / Visor: security
security Issue
The reusable workflow is pinned to a mutable branch (`main`), which creates a supply chain risk. If the `main` branch of the source repository (`TykTechnologies/github-actions`) is compromised, malicious code could be executed. The risk is elevated because the workflow has `pull-requests: write` permissions and access to a `JIRA_TOKEN` secret.
Raw output
Pin the reusable workflow to a specific commit SHA or a stable tag to ensure a trusted version is used. Example: `uses: TykTechnologies/github-actions/.github/workflows/branch-suggestion.yml@abcdef1234567890abcdef1234567890abcdef12`