github-actions-workflows
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The workflows fetch and run external GitHub Actions at runtime (e.g., actions/checkout@v4 -> https://github.com/actions/checkout, github/codeql-action/init@v3 -> https://github.com/github/codeql-action, dependency-check/Dependency-Check_Action@main -> https://github.com/dependency-check/Dependency-Check_Action). These actions are retrieved during job execution, execute remote code inside the job, and are required for the jobs to run. Of the references listed, dependency-check/Dependency-Check_Action@main points at a mutable branch rather than a release tag or commit SHA, so the code it resolves to can change between runs without any change to the workflow file.
Audit Metadata