docker-ci-cd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The CI workflows include runtime "uses:" actions and external container images that will be fetched and executed by the runner (e.g., docker/build-push-action -> https://github.com/docker/build-push-action, aquasecurity/trivy-action -> https://github.com/aquasecurity/trivy-action, and Docker images like docker:24 / aquasec/trivy on Docker Hub), which are external runtime dependencies that execute remote code as required steps.