fix(helm/dependabot/renovate): Fix broken automatic update (#13520, #…

218e263
Merged

fix(helm/dependabot/renovate): Fix broken automatic update #13613

DryRunSecurity / General Security Analyzer succeeded Nov 4, 2025 in 1s

General Security Analyzer Findings: 1 detected

⚠️ Arbitrary Code Execution in GitHub Actions from Forked Repository .github/workflows/test-helm-chart.yml
Type: Arbitrary Code Execution in GitHub Actions from Forked Repository
Description: The GitHub Actions workflow uses actions/checkout to retrieve code from github.event.pull_request.head.repo.full_name and github.event.pull_request.head.ref. This means the workflow checks out and executes code directly from the head of a pull request, which can originate from an untrusted forked repository. An attacker can submit a pull request with malicious code, which will then be executed within the workflow's context, potentially leading to exfiltration of the GITHUB_TOKEN or other secrets, or injection of malicious artifacts.
Filename: .github/workflows/test-helm-chart.yml
Code:
with:
  repository: ${{ github.event.pull_request.head.repo.full_name }}
  ref: ${{ github.event.pull_request.head.ref }}