Align OS and VM runtime defaults #154
SecAI-Hubci.yml
on: push
Matrix: Go Build & Test
Python Test & Lint
50s
Security Regression Tests
42s
Test Count Drift Check
37s
Dependency Vulnerability Audit
47s
Documentation Validation
6s
Shell Script Lint
8s
Validate YAML configs
6s
Image Reference Consistency
5s
Verify action & container pins
8s
Supply Chain & SBOM Verification
33s
Sandbox OpenVEX Smoke
7m 48s
Release Branch Hardened Gate
0s
Annotations
2 errors and 16 warnings
|
Dependency Vulnerability Audit
Process completed with exit code 1.
|
|
Dependency Vulnerability Audit
pip: GHSA-58qw-9mgm-455v — pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.
|
|
Documentation Validation
test-counts.json may be stale: ~1502 tests vs documented 1411 (drift: +91)
|
|
Supply Chain & SBOM Verification
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Test Count Drift Check
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Security Regression Tests
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Dependency Vulnerability Audit
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Python Test & Lint
services/quarantine/quarantine/watcher.py:240: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/quarantine/quarantine/pipeline.py:1538: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/quarantine/quarantine/pipeline.py:1506: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:54: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:43: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:42: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:41: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:39: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/agent/agent/sandbox.py:403: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/agent/agent/app.py:651: [MEDIUM] Chmod setting a permissive mask 0o660 on file (sock_file).
|
|
Sandbox OpenVEX Smoke
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sandbox-vex-smoke
|
1.2 KB |
sha256:b8c79e6f4f9afc95756fca6e6743712698f05930764ee1204e6f36de9f47a328
|
|