Static Analysis Report - 2026-03-09

[github-actions[bot]]

Analysis Summary

Today's scan reveals a major new finding: zizmor's secrets-outside-env audit now flags 3,541 instances across 165 of 166 workflows (Medium severity). This is a significant increase from yesterday's 4 total zizmor findings, almost certainly triggered by a zizmor update enabling this audit rule. All other findings (actionlint, poutine) remain stable.

• Tools Used: zizmor, poutine, actionlint
• Total Findings (raw): 3,595 (+3,541 vs 2026-03-08)
• Workflows Scanned: 166
• Workflows Affected: 165 (secrets-outside-env), 41 (actionlint), 2 (other zizmor), 2 (poutine)
• All Workflows Compiled: ✅ Yes (0 errors, 25 warnings)

Findings by Tool

Tool	Total (raw)	Critical	High	Medium	Low/Info
zizmor (security)	3,545	0	0	3,542	3
poutine (supply chain)	9	0	0	0	9
actionlint (linting)	41	-	-	-	41

🚨 New Critical Finding: secrets-outside-env (Medium × 3,541)

NEW since 2026-03-09 — This audit rule was not triggered in any previous scan.

Zizmor's secrets-outside-env rule detects when GitHub Actions secrets are referenced in workflow jobs without a dedicated GitHub Environment. Without environments, secrets have no additional protection layer (required reviewers, deployment branch rules, wait timers).

• Severity: Medium
• Affected: 165 of 166 workflows (essentially all)
• Unique job positions flagged: 639
• Reference: (docs.zizmor.sh/redacted)

Assessment: This spike is almost certainly caused by a zizmor tool update that enabled or introduced this audit rule. The finding itself represents real (if low-urgency) security hygiene — adding named GitHub Environments provides an extra access-control layer for secrets. Since all workflows are affected simultaneously with no code changes, this is not a regression in workflow code.

Clustered Findings by Tool and Type

Zizmor Security Findings

Issue Type	Severity	Count (raw)	Unique Locations	Affected Workflows
secrets-outside-env	Medium	3,541	639	165 (all)
artipacked	Medium	1	1	daily-copilot-token-report
template-injection	Informational	3	1	contribution-check

Poutine Supply Chain Findings (unchanged)

Issue Type	Severity	Count	Affected Workflows
pr_runs_on_self_hosted	Warning	1	smoke-copilot-arm
unverified_script_exec	Note	2	copilot-setup-steps, daily-copilot-token-report
unpinnable_action	Note	2	daily-perf-improver/build-steps, daily-test-improver/coverage-steps
github_action_from_unverified_creator_used	Note	4	(4 instances)

Actionlint Linting Issues (unchanged)

Issue Type	Count	Affected Workflows
permissions: unknown scope copilot-requests	40	40 workflows (known false positive — valid GitHub Copilot permission)
expression: activated output not defined	1	ace-editor

Fix Suggestion: secrets-outside-env

Issue: Secrets referenced without a dedicated GitHub Environment
Severity: Medium
Affected Workflows: 165 workflows (virtually all)

Prompt to Copilot Agent:

You are fixing a security finding identified by zizmor in GitHub Actions workflows.

Vulnerability: secrets-outside-env — Secrets referenced without a dedicated environment
Rule reference: (docs.zizmor.sh/redacted)
Severity: Medium

Current Issue:
Jobs in GitHub Actions workflows reference secrets (e.g., $\{\{ secrets.MY_SECRET }})
without the job being associated with a named GitHub Environment. Without environments,
secrets have no additional access controls like required reviewers, deployment branches,
or environment protection rules.

Required Fix:
Add an `environment` field to each job that uses secrets. The environment name should
match an existing GitHub Environment configured in the repository settings, or a new
environment named after the job's purpose.

Example:

Before:
  jobs:
    agent:
      runs-on: ubuntu-latest
      steps:
        - name: Run agent
          env:
            API_KEY: $\{\{ secrets.API_KEY }}
          run: ./run-agent.sh

After:
  jobs:
    agent:
      runs-on: ubuntu-latest
      environment: production
      steps:
        - name: Run agent
          env:
            API_KEY: $\{\{ secrets.API_KEY }}
          run: ./run-agent.sh

Note: For agentic workflows using the pre_activation/activation/agent pattern,
add `environment` to the jobs that actually consume secrets (typically the `agent` job).
Ensure the named environment exists in repository Settings → Environments.

All Findings Details by Persistent Issue Type

Actionlint: ace-editor — expression output undefined (PERSISTENT since 2026-03-06)

• File: ace-editor.lock.yml:525:9
• Error: Property activated is not defined in object type for needs.activation.outputs
• Detail: Job post_ace_link uses needs.activation.outputs.activated == 'true' but the activation job does not declare activated in its outputs schema
• Fix: Add activated to the activation job's outputs declaration

Zizmor: daily-copilot-token-report — artipacked (PERSISTENT since 2026-02-25)

• File: daily-copilot-token-report.lock.yml:304
• Severity: Medium
• Description: actions/checkout persists credentials in artifacts, enabling potential credential theft via artifact download
• Reference: (docs.zizmor.sh/redacted)
• Fix: Add persist-credentials: false to actions/checkout step

Zizmor: contribution-check — template-injection (PERSISTENT since 2026-02-25)

• File: contribution-check.lock.yml:317
• Severity: Informational (3 instances)
• Description: Potential code injection via GitHub Actions template expansion
• Reference: (docs.zizmor.sh/redacted)

Poutine: smoke-copilot-arm — pr_runs_on_self_hosted (PERSISTENT)

• File: smoke-copilot-arm.lock.yml:316
• Severity: Warning
• Description: PR workflow runs on self-hosted runner ubuntu-24.04-arm — self-hosted runners in PR workflows can be exploited by malicious PRs
• Reference: https://github.com/boostsecurityio/poutine

Poutine: unverified_script_exec (PERSISTENT)

• Files: copilot-setup-steps.yml:17, daily-copilot-token-report.lock.yml:321
• Description: curl | bash pattern using raw.githubusercontent.com — executes unverified remote scripts
• Fix: Pin the script to a specific commit SHA or verify the script's integrity before execution

Historical Trends

Date	zizmor	poutine	actionlint	Grand Total
2026-03-09	3,545 ⚠️	9	41	3,595
2026-03-08	4	9	41	54
2026-03-07	4	9	41	54
2026-03-06	4	9	41	54
2026-03-05	4	9	40	53
2026-03-02	4	9	41	54

New Issues (2026-03-09):

• secrets-outside-env (Medium): 3,541 instances across 165 workflows — NEW, likely from zizmor update

Resolved Issues: None since last scan

Persistent Issues (unresolved): artipacked (13+ days), template-injection (13+ days), ace-editor expression error (4 days), all poutine findings (10+ days)

Recommendations

1. Investigate zizmor update: Confirm whether secrets-outside-env was newly enabled in today's zizmor version. If this is a new audit rule, evaluate whether adding environment: declarations to all workflows is feasible or desired.
2. Address ace-editor expression error (actionlint, 4 days persistent): Add activated to the activation job's declared outputs in ace-editor.md.
3. Fix artipacked in daily-copilot-token-report (Medium, 13+ days): Add persist-credentials: false to the actions/checkout step.
4. Review template-injection in contribution-check (informational): Assess whether template expansion in that workflow poses real injection risk.
5. Long-term: For secrets-outside-env, consider a batch fix using the Copilot agent fix prompt above once the team decides on an environment naming strategy.

Next Steps

• Confirm zizmor version change triggering secrets-outside-env at scale
• Decide on environment naming convention (production, default, workflow-specific)
• Apply batch fix for secrets-outside-env using Copilot agent prompt above
• Fix ace-editor expression output declaration (quick fix)
• Fix artipacked in daily-copilot-token-report

References:

• §22841387621 — current run
• §22815537293 — 2026-03-08
• (docs.zizmor.sh/redacted)

AI generated by Static Analysis Report · history

• expires on Mar 10, 2026, 6:40 AM UTC

[github-actions[bot]]

This discussion was automatically closed because it expired on 2026-03-10T06:40:40.698Z.

Closed by Workflow