R026 no-inherit-secrets | โ |
R030 no-pr-head-checkout-in-pull-request-target | โ |
R027 no-secrets-in-if | โ |
R036 no-self-hosted-runner-on-fork-pr-events | โ |
R029 no-untrusted-input-in-run | โ |
R023 no-write-all-permissions | โ |
R003 pin-action-shas | โ |
R098 require-codeql-security-events-write | โ |
R111 require-dependabot-automation-permissions | โ |
R112 require-dependabot-automation-pull-request-trigger | โ |
R109 require-dependabot-bot-actor-guard | โ |
R091 require-dependency-review-action | โ |
R093 require-dependency-review-fail-on-severity | โ |
R092 require-dependency-review-permissions-contents-read | โ |
R094 require-dependency-review-pull-request-trigger | โ |
R110 require-fetch-metadata-github-token | โ |
R032 require-pull-request-target-branches | โ |
R102 require-sarif-upload-security-events-write | โ |
R107 require-secret-scan-contents-read | โ |
R105 require-secret-scan-fetch-depth-zero | โ |
R106 require-secret-scan-schedule | โ |
R108 require-trufflehog-verified-results-mode | โ |
R001 require-workflow-permissions | โ |
R028 require-workflow-run-branches | โ |