[TT-16977] fix: add jira-user-email to Jira linter workflow #8052
+1
−0
probelabs / Visor: security
succeeded
Apr 16, 2026 in 23s
✅ Check Passed (Warnings Found)
security check passed. Found 1 warning, but fail_if condition was not met.
Details
📊 Summary
- Total Issues: 1
- Warning Issues: 1
🔍 Failure Condition Results
Passed Conditions
- global_fail_if: Condition passed
Issues by Category
Security (1)
⚠️ .github/workflows/jira-pr-validator.yaml:18 - The workflow uses a mutable git reference ('@main') for the 'TykTechnologies/jira-linter' action. This can introduce a supply-chain risk if the 'main' branch of the action's repository is compromised, as the workflow could unknowingly execute malicious code.
Powered by Visor from Probelabs
💡 TIP: You can chat with Visor using /visor ask <your question>
Annotations
Check warning on line 18 in .github/workflows/jira-pr-validator.yaml
probelabs / Visor: security
security Issue
The workflow uses a mutable git reference ('@main') for the 'TykTechnologies/jira-linter' action. This can introduce a supply-chain risk if the 'main' branch of the action's repository is compromised, as the workflow could unknowingly execute malicious code.Raw output
Pin the action to a specific commit SHA instead of a branch to ensure the workflow always executes a specific, audited version of the action. For example: 'uses: TykTechnologies/jira-linter@<full-commit-sha>'.
Loading