chore(deps): bump com.azure:azure-security-keyvault-secrets from 4.8.5 to 4.9.0 · eclipse-tractusx/knowledge-agents-edc@487c519

Triggered via pull request November 5, 2024 22:20

dependabot[bot]

opened #253

dependabot/maven/main/com.azure-azure-security-keyvault-secrets-4.9.0

Status Success

Total duration 46s

Artifacts –

kics.yml

on: pull_request

Analyze

36s

Annotations

1 warning

[MEDIUM] Unpinned Actions Full Length Commit SHA: .github/workflows/trufflehog.yml#L32

Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump com.azure:azure-security-keyvault-secrets from 4.8.5 to 4.9.0 #856

Summary

chore(deps): bump com.azure:azure-security-keyvault-secrets from 4.8.5 to 4.9.0 #856

Jobs

Run details

kics.yml

Annotations