Security #269
security.yml
on: schedule
Docker Scan
12s
Go Scan
24s
Annotations
5 errors and 4 warnings
Docker Scan
Unable to process command '::set-env name=RELEASE_VERSION::' successfully.
|
Docker Scan
The `set-env` command is disabled. Please upgrade to using Environment Files or opt into unsecure command execution by setting the `ACTIONS_ALLOW_UNSECURE_COMMANDS` environment variable to `true`. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
|
Go Scan
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
|
Go Scan
Failure invoking /opt/hostedtoolcache/CodeQL/2.17.0/x64/codeql/go/tools/autobuild.sh with arguments .
Exit code 1 and error was:
2024/04/16 11:03:03 Autobuilder was built with go1.22.1, environment has go1.21.9
2024/04/16 11:03:03 LGTM_SRC is /home/runner/work/iron-redis/iron-redis
2024/04/16 11:03:03 Found no go.work files in the workspace; looking for go.mod files...
2024/04/16 11:03:03 Found 1 go.mod file(s).
2024/04/16 11:03:03 Import path is 'github.com/ironpeakservices/iron-redis'
2024/04/16 11:03:03 Build failed, continuing to install dependencies.
2024/04/16 11:03:03 Skipping dependency installation because a Go vendor directory was found.
2024/04/16 11:03:03 Running extractor command '/opt/hostedtoolcache/CodeQL/2.17.0/x64/codeql/go/tools/linux64/go-extractor [-mod=vendor ./...]' from directory 'healthcheck'.
2024/04/16 11:03:04 Build flags: '-mod=vendor'; patterns: './...'
2024/04/16 11:03:04 Running packages.Load.
2024/04/16 11:03:04 Error running go tooling: err: exit status 1: stderr: go: inconsistent vendoring in /home/runner/work/iron-redis/iron-redis/healthcheck:
github.com/go-redis/[email protected]+incompatible: is explicitly required in go.mod, but vendor/modules.txt indicates github.com/go-redis/[email protected]+incompatible
To ignore the vendor directory, use -mod=readonly or -mod=mod.
To sync the vendor directory, run:
go mod vendor
2024/04/16 11:03:04 Extraction failed for healthcheck: exit status 1
2024/04/16 11:03:04 Extraction failed for all discovered Go projects.
|
Go Scan
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
|
Docker Scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
Go Scan
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
Go Scan
The following actions uses node12 which is deprecated and will be forced to run on node16: github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
|
Go Scan
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.
|