setup-container-registry
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Trivy vulnerability scanner from Aquasecurity's official GitHub releases and the Cosign tool from Sigstore's official GitHub releases. Both are well-known and reputable security projects used for container security.
- [COMMAND_EXECUTION]: Includes standard shell commands to move binaries to system paths (
/usr/local/bin) and set executable permissions. These actions are restricted to the intended purpose of installing security command-line tools. - [SAFE]: Registry authentication is handled via environment variables (e.g.,
$GITHUB_TOKEN,$DOCKERHUB_TOKEN) and GitHub Secrets in CI/CD workflows, which follows security best practices for credential management. - [SAFE]: Templates for configuration files (e.g.,
harbor-values.yaml,.github/workflows/docker-build.yml) are static and used for setup purposes, presenting no immediate risk of indirect prompt injection.
Audit Metadata