[static-analysis] Report - 2026-06-07 #37507

@github-actions

Description

Analysis Summary

Daily static analysis of 243 compiled workflows (zizmor, poutine, actionlint, runner-guard v2.6.0). This run compiled 8 more workflows than yesterday (235 → 243), which accounts for most increases. No new vulnerability classes — every High finding maps to a previously reviewed, closed issue, so 0 new issues created (per #31043 dedup policy).

  • Total Findings: 1,910 — zizmor 75 · poutine 24 · actionlint 1,497 · runner-guard 314
  • Workflows Scanned: 243 · Runner-Guard issues created: 0

Findings by Tool

Tool | Total | Critical | High | Medium | Low | Info
zizmor (security) | 75 | 0 | 2 | 2 | 31 | 40
poutine (supply chain) | 24 | 0 | 0 | 0 | 12 | 12
actionlint (linting) | 1,497 | - | - | - | - | -
runner-guard (taint) | 314 | 0 | 304 | 10 | 0 | -

Clustered Findings

Zizmor

Type | Severity | Count | Affected
github-env | High | 2 | dev-hawk (767, 1708)
excessive-permissions | Medium | 1 | dependabot-repair
artipacked | Medium | 1 | daily-geo-optimizer
template-injection | Low/Info | 43 | sanitized ${{...}} in prompts (many)
obfuscation | Low | 27 | # poutine:ignore comments (many)
superfluous-actions | Info | 1 | smoke-codex

Poutine

Type | Count | Affected
untrusted_checkout_exec | 12 | smoke-workflow-call*, dependabot-worker (all poutine:ignore)
github_action_from_unverified_creator_used | 8 | link-check, super-linter, copilot-setup-steps, smoke-codex, mcp-inspector, ...
unverified_script_exec | 3 | daily-byok-ollama-test, copilot-setup-steps, smoke-codex
pr_runs_on_self_hosted | 1 | smoke-copilot-arm

Actionlint (generated-file noise)

Type | Count | Cause
shellcheck | 959 | SC2016/SC2086 in generated run: blocks
syntax-check | 403 | unexpected key "queue" (gh-aw compiler extension)
permissions | 113 | unknown scope "copilot-requests" (schema lag)
expression | 22 | generated job-output props (activation/activated)

These are overwhelmingly false positives against the generated .lock.yml files: actionlint doesn't model gh-aw's compiler extensions, so they are noise, not source defects.

Runner-Guard (304 High · 10 Medium)

Rule | Name | Sev | Count | Affected
RGS-004 | Comment-Triggered Workflow w/o Author Auth Check | High | 288 | q (118), dev-hawk (87), ai-moderator (83)
RGS-012 | Secret Exfiltration via Outbound HTTP | High | 10 | daily-model-inventory (×4), visual-regression-checker (×2), daily-multi-device-docs-tester, docs-noob-tester, daily-byok-ollama-test (×2)
RGS-018 | Suspicious Payload Execution Pattern | High | 6 | daily-cli-performance, daily-sentrux-report, smoke-claude, smoke-codex, copilot-setup-steps, daily-byok-ollama-test
RGS-005 | Excessive Permissions on Untrusted Trigger | Med | 8 | ai-moderator (×4), q (×3)
RGS-007 | Unpinned Third-Party Action (Mutable Tag) | Med | 1 | aoai-endpoint-smoke-test
RGS-019 | Step Output Interpolated in run Block | Med | 1 | error-message-lint

Issues created: none. Every High rule+file combination already has a closed issue, and there are no OPEN RGS issues to comment on.

Top Priority: zizmor github-env (High)

  • Affected: dev-hawk.lock.yml:767, :1708 (single source step in two jobs)
  • Description: A run: step appends to $GITHUB_ENV (echo "GH_HOST=..." >> "$GITHUB_ENV") with a value zizmor can't prove constant. If attacker-controlled, this injects env vars into later steps (PATH/NODE_OPTIONS hijack).
  • Impact: Only un-triaged High zizmor finding; persists ~16 consecutive days (since 2026-05-23).
  • Reference: (docs.zizmor.sh/redacted)

Fix Suggestion for zizmor github-env

Prompt to Copilot Agent:

Fix a zizmor github-env finding (docs.zizmor.sh/redacted)

A run: step in dev-hawk appends to $GITHUB_ENV with a value zizmor can't prove constant,
allowing env-var injection into later steps. Edit the SOURCE recipe in
.github/workflows/dev-hawk.md (or its shared include), NOT the generated .lock.yml, then recompile.

Fix options:
1) Validate/normalize before writing — strip scheme and whitelist host:
     # strip the scheme prefix, then accept only known hosts; any other value,
     # including one carrying an embedded newline (the env-injection vector), is rejected before it reaches $GITHUB_ENV
     GH_HOST="${GH_HOST#(redacted)}"
     GH_HOST="${GH_HOST#https://}"
     case "$GH_HOST" in github.com|*.githubusercontent.com|ghcr.io) ;;
       *) echo "refusing untrusted GH_HOST: $GH_HOST" >&2; exit 1 ;; esac
     printf 'GH_HOST=%s\n' "$GH_HOST" >> "$GITHUB_ENV"
2) If value is only needed in the same step, keep it a local shell var (no $GITHUB_ENV).
3) If confirmed false positive, add a scoped suppression with justification:
     # zizmor: ignore[github-env] compile-time constant host, not user input

Apply to both occurrences (:767 and :1708). Recompile; confirm 0 github-env findings.

Historical Trends

Date | zizmor | poutine | actionlint | runner-guard | workflows
2026-06-04 | 73 | 24 | 1,472 | 307 | 240
2026-06-05 | 73 | 24 | 1,478 | 307 | 240
2026-06-06 | 70 | 24 | 1,445 | 308 | 235
2026-06-07 | 75 | 24 | 1,497 | 314 | 243
  • Δ vs previous: zizmor +5 (obfuscation 22→27), poutine 0, actionlint +52, runner-guard +6 (RGS-004 282→288, each hotspot +2). Deltas track +8 workflows. No new finding classes; nothing resolved to zero.
  • Persistent: dev-hawk github-env High (~16 days) — the recommended remediation target.

Recommendations

  1. Immediate: Fix or formally suppress the persistent zizmor github-env High in dev-hawk (only un-triaged High security finding).
  2. Short-term: Keep runner-guard closed-issue dedup (per [deep-report] Static-analysis RGS-* security issues recreated daily after closure (no dedup-by-rule) #31043) — 0 churn; no recreation of closed RGS issues.
  3. Long-term: Reduce actionlint noise — teach the lint step about gh-aw lock-file extensions (queue:, copilot-requests:, job outputs), or lint source .md not generated .lock.yml. 1,497 false positives mask real regressions.
  4. Prevention: Update generation templates to avoid reintroducing SC2016/SC2086 patterns at scale.

References: §27084518920

Generated by 📊 Static Analysis Report · 311.3 AIC · ⌖ 9.84 AIC · ⊞ 10.2K

  • expires on Jun 14, 2026, 6:19 AM UTC
