github_actions_cicd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The CI workflow fetches and runs external GitHub Actions at runtime (e.g., uses: actions/checkout@v4 and uses: aquasecurity/trivy-action@master), which execute remote code and are required dependencies of the pipeline.