Audit pinned Python requirements in CI #155
SecAI-Hubci.yml
on: push
Matrix: Go Build & Test
Python Test & Lint
34s
Security Regression Tests
40s
Test Count Drift Check
38s
Dependency Vulnerability Audit
57s
Documentation Validation
8s
Shell Script Lint
8s
Validate YAML configs
8s
Image Reference Consistency
4s
Verify action & container pins
8s
Supply Chain & SBOM Verification
32s
Sandbox OpenVEX Smoke
7m 48s
Release Branch Hardened Gate
0s
Annotations
16 warnings
|
Documentation Validation
test-counts.json may be stale: ~1503 tests vs documented 1411 (drift: +92)
|
|
Supply Chain & SBOM Verification
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Python Test & Lint
services/quarantine/quarantine/watcher.py:240: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/quarantine/quarantine/pipeline.py:1538: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/quarantine/quarantine/pipeline.py:1506: [MEDIUM] Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:54: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:43: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:42: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:41: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/diffusion-worker/entrypoint.py:39: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/agent/agent/sandbox.py:403: [MEDIUM] Probable insecure usage of temp file/directory.
|
|
Python Test & Lint
services/agent/agent/app.py:651: [MEDIUM] Chmod setting a permissive mask 0o660 on file (sock_file).
|
|
Test Count Drift Check
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Security Regression Tests
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Dependency Vulnerability Audit
Restore cache failed: Dependencies file is not found in /home/runner/work/SecAI_OS/SecAI_OS. Supported file pattern: go.mod
|
|
Sandbox OpenVEX Smoke
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
sandbox-vex-smoke
|
1.2 KB |
sha256:f166235a161fcf5311b72ad5fc9365377e2a47eb3c7bb8e60604d73f18aaaaec
|
|