Restrict Build Pipeline Code Execution to Build Scripts
tip
This check is currently under development and not yet implemented. Click here to learn how you can help.
Description
Ensure the build pipeline cannot execute arbitrary code outside of a build script
Details
- Default Category: github workflows
- Default Priority Group: P11
- C-SCRM: true
- Mitre: CWE-94
- Mitre: CAPEC-19
- Sources: OpenSSF Scorecard