🔒 Zizmor Security Analysis Report - 2025-11-02

[github-actions[bot]]

🔒 Zizmor Security Analysis Report - November 2, 2025

Executive Summary

Completed comprehensive security scan of 67 agentic workflow files using zizmor v1.16.2. The analysis identified 16 security findings across 3 distinct vulnerability types, affecting 8 workflows (12% of total workflows).

Key Findings:

• 3 High severity findings related to insecure workflow triggers
• 2 Medium severity findings related to credential persistence in artifacts
• 11 Low severity findings related to template injection vulnerabilities
• 59 workflows (88%) passed security scan without issues

Priority Action: Address the 3 High severity dangerous-triggers findings in ci-doctor, dev-hawk, and smoke-detector workflows by adding branch restrictions to workflow_run triggers.

Full Report Details

Security Scan Statistics

Metric	Value
Workflows Scanned	67
Total Findings	16
Workflows Affected	8 (12%)
Workflows Clean	59 (88%)
Zizmor Version	1.16.2
Scan Date	2025-11-02
Workflow Run	§19013214553

Findings by Severity

Severity	Count	Percentage
Critical	0	0%
High	3	19%
Medium	2	13%
Low	11	69%

Clustered Findings by Issue Type

1. dangerous-triggers (High Severity) ⚠️

Priority: URGENT

Property	Value
Count	3 findings
Severity	High
Confidence	Medium
Description	Use of fundamentally insecure workflow trigger
Reference	(redacted)#dangerous-triggers

Affected Workflows:

1. ci-doctor - Monitors "Daily Perf Improver" and "Daily Test Coverage Improver" without branch restrictions
2. dev-hawk - Monitors "Dev" workflow with branch restriction to copilot/* (partially mitigated)
3. smoke-detector - Monitors 5 smoke test workflows without branch restrictions

Issue Details:
The workflow_run trigger is flagged as "almost always used insecurely". This trigger allows privilege escalation because:

• The triggered workflow runs with privileges of the target branch (often main)
• Without branch restrictions, it executes for ALL branches including untrusted PRs
• Can be exploited for code injection and secrets exfiltration

Example from ci-doctor.lock.yml (Lines 42-48):

"on":
  workflow_run:
    types:
    - completed
    workflows:
    - Daily Perf Improver
    - Daily Test Coverage Improver
    # ❌ Missing branch restrictions!

---

2. template-injection (Low Severity)

Property	Value
Count	11 findings (33 total locations)
Severity	Low
Confidence	High
Description	Code injection via template expansion
Reference	(redacted)#template-injection

Affected Workflows:

1. duplicate-code-detector - 11 instances
2. mcp-inspector - 11 instances
3. smoke-codex - 11 instances

Issue Details:
These workflows use GitHub Actions template expressions in potentially unsafe contexts. While rated Low severity, template injection can allow attackers to inject arbitrary code if user-controlled input flows into template expressions without sanitization.

---

3. artipacked (Medium Severity)

Property	Value
Count	2 findings
Severity	Medium
Confidence	Low
Description	Credential persistence through GitHub Actions artifacts
Reference	(redacted)#artipacked

Affected Workflows:

1. daily-perf-improver
2. daily-test-improver

Issue Details:
These workflows may persist credentials in GitHub Actions artifacts. Artifacts are accessible to anyone with read access to the repository, potentially exposing secrets or credentials stored in artifact files.

---

Detailed Fix Guidance

Priority 1: Fix dangerous-triggers (High Severity)

I've generated a comprehensive fix template for this issue. Here's the actionable fix prompt:

Fix Prompt for Copilot Agent

You are fixing a HIGH severity security vulnerability in GitHub Actions workflows.

**Vulnerability**: dangerous-triggers - Insecure use of workflow_run trigger
**Severity**: High | **Confidence**: Medium
**Reference**: (redacted)#dangerous-triggers

**Current Issue**:
Three workflows use the `workflow_run` trigger without adequate security controls:
1. ci-doctor - Monitors "Daily Perf Improver" and "Daily Test Coverage Improver" workflows
2. dev-hawk - Monitors "Dev" workflow (already has branch restriction to copilot/*)
3. smoke-detector - Monitors multiple smoke test workflows

The workflow_run trigger is inherently risky because:
- It runs with the privileges of the target branch (often main)
- Without branch restrictions, it executes for ALL branches including untrusted PRs
- It can be exploited for privilege escalation and code injection attacks

**Required Fix**:

For ci-doctor and smoke-detector workflows:
1. Add branch restrictions to limit the trigger scope to main branch only
2. This prevents the workflows from running for untrusted PR branches

**Example Fix**:

Before (ci-doctor.md):
```yaml
on:
  workflow_run:
    workflows:
      - Daily Perf Improver
      - Daily Test Coverage Improver
    types:
      - completed

After (ci-doctor.md):

on:
  workflow_run:
    workflows:
      - Daily Perf Improver
      - Daily Test Coverage Improver
    types:
      - completed
    branches:
      - main  # Only monitor workflows on main branch

Files to Modify:

• .github/workflows/ci-doctor.md (add branch restriction)
• .github/workflows/smoke-detector.md (add branch restriction)
• .github/workflows/dev-hawk.md (review only - already has branch restriction)

Testing:
After applying fixes:

1. Recompile workflows: gh aw compile
2. Re-run security scan: zizmor .github/workflows/*.lock.yml
3. Verify dangerous-triggers findings are resolved

---

## All Findings by Workflow

<details>
<summary>ci-doctor.lock.yml (1 finding)</summary>

### Finding: dangerous-triggers
- **Severity**: High
- **Location**: Lines 42-48
- **Issue**: workflow_run trigger without branch restrictions
- **Recommendation**: Add `branches: [main]` to workflow_run configuration

</details>

<details>
<summary>dev-hawk.lock.yml (1 finding)</summary>

### Finding: dangerous-triggers
- **Severity**: High
- **Location**: Lines 34-41
- **Issue**: workflow_run trigger (already has branch restriction to `copilot/*`)
- **Recommendation**: Review input validation from triggering workflow

</details>

<details>
<summary>smoke-detector.lock.yml (1 finding)</summary>

### Finding: dangerous-triggers
- **Severity**: High
- **Location**: Lines 52-61
- **Issue**: workflow_run trigger without branch restrictions, monitoring 5 workflows
- **Recommendation**: Add `branches: [main]` to workflow_run configuration

</details>

<details>
<summary>duplicate-code-detector.lock.yml (11 findings)</summary>

### Finding: template-injection
- **Severity**: Low
- **Issue**: 11 instances of template expressions in potentially unsafe contexts
- **Recommendation**: Review template usage and sanitize user inputs

</details>

<details>
<summary>mcp-inspector.lock.yml (11 findings)</summary>

### Finding: template-injection
- **Severity**: Low
- **Issue**: 11 instances of template expressions in potentially unsafe contexts
- **Recommendation**: Review template usage and sanitize user inputs

</details>

<details>
<summary>smoke-codex.lock.yml (11 findings)</summary>

### Finding: template-injection
- **Severity**: Low
- **Issue**: 11 instances of template expressions in potentially unsafe contexts
- **Recommendation**: Review template usage and sanitize user inputs

</details>

<details>
<summary>daily-perf-improver.lock.yml (1 finding)</summary>

### Finding: artipacked
- **Severity**: Medium
- **Location**: 1 location identified
- **Issue**: Potential credential persistence through GitHub Actions artifacts
- **Recommendation**: Review artifact contents and avoid storing credentials

</details>

<details>
<summary>daily-test-improver.lock.yml (1 finding)</summary>

### Finding: artipacked
- **Severity**: Medium
- **Location**: 1 location identified
- **Issue**: Potential credential persistence through GitHub Actions artifacts
- **Recommendation**: Review artifact contents and avoid storing credentials

</details>

---

## Historical Trends

**First Scan**: This is the first security scan with zizmor in cache memory. Future scans will include trend analysis comparing:
- Total findings over time
- New vulnerabilities introduced
- Resolved issues
- Recurring patterns

The scan results have been stored in `/tmp/gh-aw/cache-memory/security-scans/` for trend analysis in future runs.

---

## Recommendations

### Immediate Actions (Next 24-48 hours)
1. ✅ **Fix High severity dangerous-triggers** in ci-doctor and smoke-detector workflows
   - Add `branches: [main]` to workflow_run triggers
   - Recompile workflows and verify fixes
2. ✅ **Review dev-hawk workflow** for input validation from triggering workflow

### Short-term Actions (Next 1-2 weeks)
3. ✅ **Investigate artipacked findings** in daily-perf-improver and daily-test-improver
   - Review what data is being uploaded to artifacts
   - Ensure no credentials or secrets are included
   - Consider using artifact retention policies
4. ✅ **Review template-injection instances** in the 3 affected workflows
   - Identify which template expressions use user-controlled input
   - Add input sanitization where needed

### Long-term Actions (Next month)
5. ✅ **Establish automated security scanning**
   - Add zizmor check to CI/CD pipeline
   - Run zizmor scan on every PR that modifies workflow files
   - Set up alerting for new High/Critical findings
6. ✅ **Update workflow creation guidelines**
   - Document secure patterns for workflow_run triggers
   - Add security review checklist for new workflows
   - Include zizmor scan in workflow development process
7. ✅ **Consider pre-commit hooks**
   - Add zizmor validation to git pre-commit hooks
   - Prevent introduction of new vulnerabilities before commit

---

## Next Steps

**Action Items**:
- [ ] Apply dangerous-triggers fixes to ci-doctor.md and smoke-detector.md
- [ ] Review dev-hawk.md input validation
- [ ] Investigate artipacked findings in daily improver workflows
- [ ] Schedule follow-up scan after fixes are applied
- [ ] Set up automated zizmor scanning in CI/CD

**Questions for Team**:
1. Should workflow_run workflows be restricted to main branch only, or do we need them on other branches?
2. What data is currently being stored in artifacts by the daily improver workflows?
3. Do we want to add zizmor scanning to our CI/CD pipeline automatically?

</details>

---

## Cache Memory Updates

All scan results have been stored in `/tmp/gh-aw/cache-memory/` for persistence:

- **Scan Summary**: `/tmp/gh-aw/cache-memory/security-scans/2025-11-02.json`
- **Scan Index**: `/tmp/gh-aw/cache-memory/security-scans/index.json`
- **Fix Template**: `/tmp/gh-aw/cache-memory/fix-templates/dangerous-triggers.md`
- **Raw Results**: `/tmp/gh-aw/agent/zizmor-results.json`

These files will be used for historical trend analysis in future security scans.

---

**References**:
- [§19013214553]((redacted))
- Zizmor Documentation: (redacted)
- GitHub Actions Security: (redacted)


> AI generated by [Zizmor Workflow Security Analyzer](https://github.com/githubnext/gh-aw/actions/runs/19013214553)

[github-actions[bot]]

This discussion was automatically closed because it was created by an agentic workflow more than 1 week ago.