|
| 1 | +{ |
| 2 | + "schema_version": "1.0.0", |
| 3 | + "entries": [ |
| 4 | + { |
| 5 | + "fingerprint": "9d0089bfdc5701be25b676b48dd9770428fa0c2490dc576fe1daebcd556bd1b5", |
| 6 | + "rule_id": "IAC-351", |
| 7 | + "file_path": ".github/workflows/deploy.yml", |
| 8 | + "severity": "critical", |
| 9 | + "reason": "False positive: id-token: write is standard GitHub OIDC permission, not a hardcoded secret", |
| 10 | + "created_at": "2026-03-25T06:38:57.127066Z" |
| 11 | + }, |
| 12 | + { |
| 13 | + "fingerprint": "892754ab5606f038cfad9bdaa32d4097c93c8ac82620844d78919767dcbf99c9", |
| 14 | + "rule_id": "SEC-574", |
| 15 | + "file_path": "interpreter.go", |
| 16 | + "severity": "high", |
| 17 | + "reason": "False positive: Go function name findMatchingTransitionHierarchical, not an API key", |
| 18 | + "created_at": "2026-03-25T06:38:57.99013Z" |
| 19 | + }, |
| 20 | + { |
| 21 | + "fingerprint": "d783d02a7388494a6bd97b72223860d775ebd8ef29e5a5eb45b3bd72278f0d9e", |
| 22 | + "rule_id": "SEC-574", |
| 23 | + "file_path": "interpreter.go", |
| 24 | + "severity": "high", |
| 25 | + "reason": "False positive: Go function name in interpreter.go, not an API key", |
| 26 | + "created_at": "2026-03-25T06:39:00.635594Z" |
| 27 | + }, |
| 28 | + { |
| 29 | + "fingerprint": "1d19d4066b6c852565be70445892886c9d60587170f66d7218bb48566ae0ac11", |
| 30 | + "rule_id": "SEC-574", |
| 31 | + "file_path": "interpreter.go", |
| 32 | + "severity": "high", |
| 33 | + "reason": "False positive: Go function name in interpreter.go, not an API key", |
| 34 | + "created_at": "2026-03-25T06:39:03.324286Z" |
| 35 | + }, |
| 36 | + { |
| 37 | + "fingerprint": "406a144312a197c9e9a6ede5611addee7d2af138f9fac1909e47efa2cea8f05a", |
| 38 | + "rule_id": "SEC-085", |
| 39 | + "file_path": "docs/src/components/Layout.astro", |
| 40 | + "severity": "high", |
| 41 | + "reason": "False positive: Google Fonts URL in Layout.astro, not an embedded password", |
| 42 | + "created_at": "2026-03-25T06:39:05.940481Z" |
| 43 | + }, |
| 44 | + { |
| 45 | + "fingerprint": "8350b50e1c155a355f6aad272c7fbc887bba3c9ab6cf5b2f5aa2d42bf8eb36f4", |
| 46 | + "rule_id": "DATA-001", |
| 47 | + "file_path": "examples/form_wizard/main.go", |
| 48 | + "severity": "medium", |
| 49 | + "reason": "False positive: Example email in form_wizard example code", |
| 50 | + "created_at": "2026-03-25T06:39:23.020218Z" |
| 51 | + }, |
| 52 | + { |
| 53 | + "fingerprint": "fdbff9ae219374de021b4b26478adc3865b3df57b335fcc1d2e487c4ae186d53", |
| 54 | + "rule_id": "DATA-001", |
| 55 | + "file_path": "examples/form_wizard/main_test.go", |
| 56 | + "severity": "medium", |
| 57 | + "reason": "False positive: Example email in form_wizard test", |
| 58 | + "created_at": "2026-03-25T06:39:26.068251Z" |
| 59 | + }, |
| 60 | + { |
| 61 | + "fingerprint": "bad9361eeb8f840577f51a78a2710eb703ec7aef98ee347180e7139f791f51a5", |
| 62 | + "rule_id": "DATA-001", |
| 63 | + "file_path": "examples/form_wizard/main_test.go", |
| 64 | + "severity": "medium", |
| 65 | + "reason": "False positive: Example email in form_wizard test", |
| 66 | + "created_at": "2026-03-25T06:39:27.898684Z" |
| 67 | + }, |
| 68 | + { |
| 69 | + "fingerprint": "4494d39766fa56754252b832e3631e680af7427d77934140d5698ca3874a4b3c", |
| 70 | + "rule_id": "DATA-001", |
| 71 | + "file_path": "examples/incident_lifecycle/README.md", |
| 72 | + "severity": "medium", |
| 73 | + "reason": "False positive: Example email in incident_lifecycle README", |
| 74 | + "created_at": "2026-03-25T06:39:30.453859Z" |
| 75 | + }, |
| 76 | + { |
| 77 | + "fingerprint": "b4ab0b02b05a7bd4d6392b67ca43ae73d3c632880892ee224815baaf2cbb7fc8", |
| 78 | + "rule_id": "DATA-001", |
| 79 | + "file_path": "examples/incident_lifecycle/main.go", |
| 80 | + "severity": "medium", |
| 81 | + "reason": "False positive: Example email in incident_lifecycle example code", |
| 82 | + "created_at": "2026-03-25T06:39:32.867304Z" |
| 83 | + }, |
| 84 | + { |
| 85 | + "fingerprint": "4af846f226f11f4e5985868cf25cbd7b1396cd4309b2021d897172a4699e2182", |
| 86 | + "rule_id": "DATA-001", |
| 87 | + "file_path": "examples/incident_lifecycle/main_test.go", |
| 88 | + "severity": "medium", |
| 89 | + "reason": "False positive: Example email in incident_lifecycle test", |
| 90 | + "created_at": "2026-03-25T06:39:45.865869Z" |
| 91 | + }, |
| 92 | + { |
| 93 | + "fingerprint": "71d669e56a2d75ec0556ce6e8f14f9c11a0d1f43a64317d013a3bc7c6b20af4f", |
| 94 | + "rule_id": "DATA-001", |
| 95 | + "file_path": "examples/incident_lifecycle/main_test.go", |
| 96 | + "severity": "medium", |
| 97 | + "reason": "False positive: Example email in incident_lifecycle test", |
| 98 | + "created_at": "2026-03-25T06:39:48.84891Z" |
| 99 | + }, |
| 100 | + { |
| 101 | + "fingerprint": "298e02648e8b41d1e2a84bf46c4a34978017a824229f405c79a25fd2f793936d", |
| 102 | + "rule_id": "SEC-161", |
| 103 | + "file_path": "performance_bench_test.go", |
| 104 | + "severity": "medium", |
| 105 | + "reason": "False positive: High-entropy test string in performance benchmark, not a secret", |
| 106 | + "created_at": "2026-03-25T06:39:49.789535Z" |
| 107 | + }, |
| 108 | + { |
| 109 | + "fingerprint": "a71534eb8575fbdddb2341ecb7f8cb9eface72dcc8938e617c908c0068dbbe47", |
| 110 | + "rule_id": "IAC-306", |
| 111 | + "file_path": ".github/workflows/deploy.yml", |
| 112 | + "severity": "medium", |
| 113 | + "reason": "Accepted: OIDC token write is required for GitHub Pages deployment", |
| 114 | + "created_at": "2026-03-25T06:40:04.214042Z" |
| 115 | + }, |
| 116 | + { |
| 117 | + "fingerprint": "2d99c42b5637e1deb4d3b100fa949faac2626a75c53da8a2ae774d7eeb3e0b3a", |
| 118 | + "rule_id": "IAC-310", |
| 119 | + "file_path": ".github/workflows/ci.yml", |
| 120 | + "severity": "medium", |
| 121 | + "reason": "Accepted: continue-on-error on security scan is intentional - scan is non-blocking", |
| 122 | + "created_at": "2026-03-25T06:40:07.529Z" |
| 123 | + }, |
| 124 | + { |
| 125 | + "fingerprint": "db6ba4f77d34472dcdbf40eab97860e652f53c06a5486044c6a60c952d33838e", |
| 126 | + "rule_id": "IAC-018", |
| 127 | + "file_path": ".github/workflows/ci.yml", |
| 128 | + "severity": "low", |
| 129 | + "reason": "Accepted: continue-on-error on security scan is intentional - scan is non-blocking", |
| 130 | + "created_at": "2026-03-25T06:40:09.94049Z" |
| 131 | + }, |
| 132 | + { |
| 133 | + "fingerprint": "be85f18ea6f2212d4e4e9f66bcabc9651dbb3d8d94b2ee9d7c6fee73257f6b20", |
| 134 | + "rule_id": "IAC-308", |
| 135 | + "file_path": ".github/workflows/deploy.yml", |
| 136 | + "severity": "low", |
| 137 | + "reason": "Accepted: workflow_dispatch is intentional for manual deploy triggers", |
| 138 | + "created_at": "2026-03-25T06:40:10.992288Z" |
| 139 | + }, |
| 140 | + { |
| 141 | + "fingerprint": "98e4aa7666099d7ec6bed5d3a6b5dbb9e151248b87e6a392b03b79a7a0da3365", |
| 142 | + "rule_id": "IAC-013", |
| 143 | + "file_path": ".github/workflows/ci.yml", |
| 144 | + "severity": "high", |
| 145 | + "reason": "Accepted: actions/checkout@v4 is a first-party GitHub action, tag pinning is standard practice", |
| 146 | + "created_at": "2026-03-25T06:40:18.313684Z" |
| 147 | + }, |
| 148 | + { |
| 149 | + "fingerprint": "f96b474605ca31dfc0fcfe3ecff3fad866f257e6d27326fe3abad4efe48b1fb4", |
| 150 | + "rule_id": "IAC-013", |
| 151 | + "file_path": ".github/workflows/ci.yml", |
| 152 | + "severity": "high", |
| 153 | + "reason": "Accepted: actions/setup-go@v5 is a first-party GitHub action", |
| 154 | + "created_at": "2026-03-25T06:40:21.14889Z" |
| 155 | + }, |
| 156 | + { |
| 157 | + "fingerprint": "38c948dce18363869a0a23c43300cc763a91b4829eb0c542bb53f4cfb67e57c7", |
| 158 | + "rule_id": "IAC-013", |
| 159 | + "file_path": ".github/workflows/ci.yml", |
| 160 | + "severity": "high", |
| 161 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 162 | + "created_at": "2026-03-25T06:40:23.764017Z" |
| 163 | + }, |
| 164 | + { |
| 165 | + "fingerprint": "617a3814ea260412b24e583254b990357c105712bbe5ea5c4ed2014f7f7b65b0", |
| 166 | + "rule_id": "IAC-013", |
| 167 | + "file_path": ".github/workflows/ci.yml", |
| 168 | + "severity": "high", |
| 169 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 170 | + "created_at": "2026-03-25T06:40:26.63394Z" |
| 171 | + }, |
| 172 | + { |
| 173 | + "fingerprint": "e7393cb52f0e257c90b35ce9d3be036ee28a8945734296add7dc68bc53fa6c72", |
| 174 | + "rule_id": "IAC-013", |
| 175 | + "file_path": ".github/workflows/ci.yml", |
| 176 | + "severity": "high", |
| 177 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 178 | + "created_at": "2026-03-25T06:40:28.916925Z" |
| 179 | + }, |
| 180 | + { |
| 181 | + "fingerprint": "d1a7684157a4461c1a83a6f5441169d439ea3992a7d4affaa964a4eca04547c7", |
| 182 | + "rule_id": "IAC-013", |
| 183 | + "file_path": ".github/workflows/ci.yml", |
| 184 | + "severity": "high", |
| 185 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 186 | + "created_at": "2026-03-25T06:41:03.759943Z" |
| 187 | + }, |
| 188 | + { |
| 189 | + "fingerprint": "6edc196fba212dcb0fc302717f28e1cd35d52ece417422696895aa4ad0157201", |
| 190 | + "rule_id": "IAC-013", |
| 191 | + "file_path": ".github/workflows/ci.yml", |
| 192 | + "severity": "high", |
| 193 | + "reason": "Accepted: golangci-lint action pinned to major version tag", |
| 194 | + "created_at": "2026-03-25T06:41:03.797439Z" |
| 195 | + }, |
| 196 | + { |
| 197 | + "fingerprint": "6443eafb87035bb6f236008e8576ad6f7b14842cd7f41c568b8a9c62dfe16b44", |
| 198 | + "rule_id": "IAC-013", |
| 199 | + "file_path": ".github/workflows/ci.yml", |
| 200 | + "severity": "high", |
| 201 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 202 | + "created_at": "2026-03-25T06:41:03.818953Z" |
| 203 | + }, |
| 204 | + { |
| 205 | + "fingerprint": "f85045b61e158faafd522fd4672ca5008d01ba69410e36fb858a122609031b27", |
| 206 | + "rule_id": "IAC-013", |
| 207 | + "file_path": ".github/workflows/ci.yml", |
| 208 | + "severity": "high", |
| 209 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 210 | + "created_at": "2026-03-25T06:41:03.842197Z" |
| 211 | + }, |
| 212 | + { |
| 213 | + "fingerprint": "0db431cfc5f3ebc8b1eb4ea7f2c7689432b10812fec82dd11327f6dcf91c3abc", |
| 214 | + "rule_id": "IAC-013", |
| 215 | + "file_path": ".github/workflows/ci.yml", |
| 216 | + "severity": "high", |
| 217 | + "reason": "Accepted: nox GitHub action pinned to major version tag", |
| 218 | + "created_at": "2026-03-25T06:41:03.861384Z" |
| 219 | + }, |
| 220 | + { |
| 221 | + "fingerprint": "35d6decc391cbb0d2f1ce954839e697044091da11c0bb617242e6a0d79a8d1f5", |
| 222 | + "rule_id": "IAC-013", |
| 223 | + "file_path": ".github/workflows/deploy.yml", |
| 224 | + "severity": "high", |
| 225 | + "reason": "Accepted: first-party GitHub action pinned to major version tag", |
| 226 | + "created_at": "2026-03-25T06:41:11.168341Z" |
| 227 | + }, |
| 228 | + { |
| 229 | + "fingerprint": "1e1d9f9fdb17a829419b37a3e02d90c0a726d1dd1c8d08cbde155008fdf5ae5c", |
| 230 | + "rule_id": "IAC-013", |
| 231 | + "file_path": ".github/workflows/deploy.yml", |
| 232 | + "severity": "high", |
| 233 | + "reason": "Accepted: actions/setup-node pinned to major version tag", |
| 234 | + "created_at": "2026-03-25T06:41:15.066738Z" |
| 235 | + }, |
| 236 | + { |
| 237 | + "fingerprint": "f974f882a03bcf61d8c63e263ce727119dbcea17b7565c57ca1c2146a5ecf578", |
| 238 | + "rule_id": "IAC-013", |
| 239 | + "file_path": ".github/workflows/deploy.yml", |
| 240 | + "severity": "high", |
| 241 | + "reason": "Accepted: peaceiris/actions-gh-pages pinned to major version tag", |
| 242 | + "created_at": "2026-03-25T06:41:17.03027Z" |
| 243 | + }, |
| 244 | + { |
| 245 | + "fingerprint": "eae4be6d435f0b5f66d57ab8359ec06f88e0191c75e34827c7dc7d584bae84ce", |
| 246 | + "rule_id": "IAC-013", |
| 247 | + "file_path": ".github/workflows/deploy.yml", |
| 248 | + "severity": "high", |
| 249 | + "reason": "Accepted: actions/deploy-pages pinned to major version tag", |
| 250 | + "created_at": "2026-03-25T06:41:19.761001Z" |
| 251 | + }, |
| 252 | + { |
| 253 | + "fingerprint": "ce40a00c8094a6ac1e9f19ad032325f8d94dd59d2e218cd9d7093ddc9cb381ee", |
| 254 | + "rule_id": "IAC-013", |
| 255 | + "file_path": ".github/workflows/deploy.yml", |
| 256 | + "severity": "high", |
| 257 | + "reason": "Accepted: actions/upload-pages-artifact pinned to major version tag", |
| 258 | + "created_at": "2026-03-25T06:41:22.483607Z" |
| 259 | + } |
| 260 | + ] |
| 261 | +} |
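Review bot: The IAC-013 entries for `golangci-lint`, `nox` and `peaceiris/actions-gh-pages` (new-file lines 188–194, 212–218 and 236–242) accept third-party actions pinned only to a major version tag, whereas most neighbouring entries justify the same suppression as "first-party GitHub action", which does not cover these three. A version tag can be re-pointed by whoever controls the action's repository, and the IAC-351 and IAC-306 entries show that `deploy.yml` carries `id-token: write`, so the peaceiris entry may sit in a job holding that permission and deserves a fix in the workflow rather than a baseline entry. I would drop these three entries and pin the matching `uses:` lines to a full commit SHA, e.g. `uses: peaceiris/actions-gh-pages@<full-commit-sha>  # <tag>`. The seven entries whose reason is only "first-party GitHub action pinned to major version tag" should also name the action, so a reviewer can tell which `uses:` line each fingerprint covers. Separately, the IAC-310 and IAC-018 entries record that the security scan runs with continue-on-error, so CI presumably will not fail on a new finding; the reason should say who reviews the scan output.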