dotnet-gha-publish
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes verified GitHub Actions from trusted organizations including Microsoft, Docker, Sigstore, and Anchore to handle build, authentication, and security tasks.
- [COMMAND_EXECUTION]: Utilizes standard .NET SDK and Docker CLI commands (e.g., dotnet pack, dotnet nuget push, docker login) to automate the publishing lifecycle within a controlled CI/CD environment.
- [DATA_EXFILTRATION]: Properly manages sensitive credentials like NuGet API keys and code-signing certificates using GitHub Secrets; includes security best practices such as the 'if: always()' cleanup step to remove transient certificate files from the runner's temporary directory.
Audit Metadata