add link to docs

billnapier · billnapier · commit 1ee5e1894bf3 · 2025-03-25T18:43:18.000Z
diff --git a/semgrep-rules/actions/pull_request_target_needs_exception.yaml b/semgrep-rules/actions/pull_request_target_needs_exception.yaml
@@ -3,13 +3,15 @@ rules:
     languages:
       - yaml
     severity: ERROR
-    message: pull_request_target is considered very risky and should only be used when strictly needed.  Please prefer other triggers when possible.  If you think this is needed, you can dismiss this alert and merge your PR.
+    message: 'pull_request_target is considered very risky and should only be used when strictly needed.  Please
+      prefer other triggers when possible.  If you think this is needed, you can dismiss this alert and
+      merge your PR.  More information: https://google.github.io/github-team/semgrep-rules/pull-request-target-needs-exception.html'
     metadata:
       category: best-practice
       technology:
-        - github-actions      
+        - github-actions
     patterns:
       - pattern-either:
           - patterns:
               - pattern-inside: "{on: ...}"
-              - pattern: pull_request_target
+              - pattern: pull_request_target
