From 543a1c4f8cc06695b1025d43f1220050f07dcf8c Mon Sep 17 00:00:00 2001
From: Hypatia Finding Submitter
Date: Fri, 29 May 2026 21:29:17 +0000
Subject: [PATCH 1/5] findings: hyperpolymath/hypatia @ 2026-05-29

Submitted: 101 findings
Commit: 64ed375f2152c29009f29dc845dd9bc3b83b76b3
Scanner: hypatia-v2

Automated submission from GitHub Actions.
---
 .../20260529-212914.json | 818 ++++++++++++++++++
 .../hyperpolymath-hypatia/latest.json | 2 +-
 2 files changed, 819 insertions(+), 1 deletion(-)
 create mode 100644 shared-context/findings/hyperpolymath-hypatia/20260529-212914.json

diff --git a/shared-context/findings/hyperpolymath-hypatia/20260529-212914.json b/shared-context/findings/hyperpolymath-hypatia/20260529-212914.json
new file mode 100644
index 0000000..5e64c5e
--- /dev/null
+++ b/shared-context/findings/hyperpolymath-hypatia/20260529-212914.json
@@ -0,0 +1,818 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 1 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + 
"file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + 
"reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 
day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": 
"code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 1 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "64ed375f2152c29009f29dc845dd9bc3b83b76b3", + "submitted_at": "2026-05-29T21:29:17Z", + "scanner_version": "hypatia-v2" + } +}
diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json
index 2f95f45..be299d8 120000
--- a/shared-context/findings/hyperpolymath-hypatia/latest.json
+++ b/shared-context/findings/hyperpolymath-hypatia/latest.json
@@ -1 +1 @@
-20260528-234939.json
\ No newline at end of file
+20260529-212914.json
\ No newline at end of file

From afb8a3ae5b00623285c6fbaa5bf7dd40587d26d1 Mon Sep 17 00:00:00 2001
From: Hypatia Finding Submitter
Date: Sat, 30 May 2026 08:24:27 +0000
Subject: [PATCH 2/5] findings: hyperpolymath/hypatia @ 2026-05-30

Submitted: 102 findings
Commit: 00db8ff9fc150327ec7baf86fa32066476b5e76a
Scanner: hypatia-v2

Automated submission from GitHub Actions.
---
 .../20260530-082426.json | 826 ++++++++++++++++++
 .../hyperpolymath-hypatia/latest.json | 2 +-
 2 files changed, 827 insertions(+), 1 deletion(-)
 create mode 100644 shared-context/findings/hyperpolymath-hypatia/20260530-082426.json

diff --git a/shared-context/findings/hyperpolymath-hypatia/20260530-082426.json b/shared-context/findings/hyperpolymath-hypatia/20260530-082426.json
new file mode 100644
index 0000000..d42616e
--- /dev/null
+++ b/shared-context/findings/hyperpolymath-hypatia/20260530-082426.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 1 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "00db8ff9fc150327ec7baf86fa32066476b5e76a", + "submitted_at": "2026-05-30T08:24:27Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json index be299d8..13dc367 120000 --- a/shared-context/findings/hyperpolymath-hypatia/latest.json +++ b/shared-context/findings/hyperpolymath-hypatia/latest.json @@ -1 +1 @@ -20260529-212914.json \ No newline at end of file +20260530-082426.json \ No newline at end of file From 516d17cc012ad5276ce2104744fa44b58941a278 Mon Sep 17 00:00:00 2001 From: Hypatia Finding Submitter Date: Sat, 30 May 2026 13:30:44 +0000 Subject: [PATCH 3/5] findings: hyperpolymath/hypatia @ 2026-05-30 Submitted: 102 findings Commit: 6d3f7f12f7f698e69c43335b60d0b9bc47fafe1f Scanner: hypatia-v2 Automated submission from GitHub Actions. --- .../20260530-133042.json | 826 ++++++++++++++++++ .../hyperpolymath-hypatia/latest.json | 2 +- 2 files changed, 827 insertions(+), 1 deletion(-) create mode 100644 shared-context/findings/hyperpolymath-hypatia/20260530-133042.json 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260530-133042.json b/shared-context/findings/hyperpolymath-hypatia/20260530-133042.json new file mode 100644 index 0000000..3ff5545 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260530-133042.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 1 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "6d3f7f12f7f698e69c43335b60d0b9bc47fafe1f", + "submitted_at": "2026-05-30T13:30:44Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json index 13dc367..dfecd59 120000 --- a/shared-context/findings/hyperpolymath-hypatia/latest.json +++ b/shared-context/findings/hyperpolymath-hypatia/latest.json @@ -1 +1 @@ -20260530-082426.json \ No newline at end of file +20260530-133042.json \ No newline at end of file From 1e7b682fb5d1240c58bd6e7f855cff66b5118775 Mon Sep 17 00:00:00 2001 From: Hypatia Finding Submitter Date: Sat, 30 May 2026 14:31:26 +0000 Subject: [PATCH 4/5] findings: hyperpolymath/hypatia @ 2026-05-30 Submitted: 102 findings Commit: 1938c3cfe1860c139ff390bffaeee4b153f92e9f Scanner: hypatia-v2 Automated submission from GitHub Actions. --- .../20260530-143124.json | 826 ++++++++++++++++++ .../hyperpolymath-hypatia/latest.json | 2 +- 2 files changed, 827 insertions(+), 1 deletion(-) create mode 100644 shared-context/findings/hyperpolymath-hypatia/20260530-143124.json 
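Review bot: The only concrete finding in this snapshot, the `unpinned_action` entry at the top of the hunk, has a garbled `reason` (`"Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention"`), and the `uses:` it quotes appears to be pinned to a 12-character abbreviated SHA (`be666c2fcd27`), which is presumably what trips the rule but is never stated; the reason should say so and name the fix, e.g. `"reason": "verify-proofs.yml: actions/setup-java@be666c2fcd27 is pinned to an abbreviated SHA; pin the full 40-hex commit SHA (with a version comment)"`. Almost every other `workflow_audit` entry is `"type": "unknown"` with `"reason": "Issue in <file>"` and no rule ID, line or step, so the roughly twenty identical `security-policy.yml` entries cannot be told apart, deduplicated against the previous snapshot, or confirmed fixed, and the `CSA001` entries likewise omit the GitHub alert number they mirror. Consider emitting a stable per-finding identifier and location (for example `"line"` and `"alert_number"` fields) and suppressing `unknown` findings that carry no detail, since in this form they are noise that buries the one actionable pin issue.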
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260530-143124.json b/shared-context/findings/hyperpolymath-hypatia/20260530-143124.json new file mode 100644 index 0000000..189ead8 --- /dev/null +++ b/shared-context/findings/hyperpolymath-hypatia/20260530-143124.json 
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + 
"severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in tests.yml", + "type": "unknown", + "file": "tests.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Repository has 1 non-main remote branch(es). Policy: single main branch only.", + "type": "GS007", + "file": ".", + "action": "delete_remote_branches", + "rule_module": "git_state", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 1 day(s) old", + "type": "CSA001", + "file": "verify-proofs.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": 
"review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "tests.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + 
"file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": 
"medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "security-policy.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old", + "type": "CSA001", + "file": "secret-scanner.yml", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + }, + { + "reason": "29 total open code-scanning alert(s) -- security hygiene review", + "type": "CSA002", + "file": "hyperpolymath/hypatia", + "action": "review", + "rule_module": "code_scanning_alerts", + "severity": "medium" + } + ], + "submission_metadata": { + "repo": "hyperpolymath/hypatia", + "commit": "1938c3cfe1860c139ff390bffaeee4b153f92e9f", + "submitted_at": "2026-05-30T14:31:25Z", + "scanner_version": "hypatia-v2" + } +} diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json index dfecd59..a815ba9 120000 --- a/shared-context/findings/hyperpolymath-hypatia/latest.json +++ b/shared-context/findings/hyperpolymath-hypatia/latest.json @@ -1 +1 @@ -20260530-133042.json \ No newline at end of file +20260530-143124.json \ No newline at end of file From 8a47bc9141e44fe104c2bf4207b4b7ff696b3ae9 Mon Sep 17 00:00:00 2001 From: Hypatia Finding Submitter Date: Sat, 30 May 2026 15:14:50 +0000 Subject: [PATCH 5/5] findings: hyperpolymath/hypatia @ 2026-05-30 Submitted: 102 findings Commit: 1536ebe9569ebae167ef7295c3eee1fb3943cd82 Scanner: hypatia-v2 Automated submission from GitHub Actions. --- .../20260530-151449.json | 826 ++++++++++++++++++ .../hyperpolymath-hypatia/latest.json | 2 +- 2 files changed, 827 insertions(+), 1 deletion(-) create mode 100644 shared-context/findings/hyperpolymath-hypatia/20260530-151449.json 
diff --git a/shared-context/findings/hyperpolymath-hypatia/20260530-151449.json b/shared-context/findings/hyperpolymath-hypatia/20260530-151449.json
new file mode 100644
index 0000000..9568a4a
--- /dev/null
+++ b/shared-context/findings/hyperpolymath-hypatia/20260530-151449.json
@@ -0,0 +1,826 @@ +{ + "findings": [ + { + "reason": "Action urin 21 JRE\n uses: actions/setup-java@be666c2fcd27 needs attention", + "type": "unpinned_action", + "file": "verify-proofs.yml", + "action": "pin_sha", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in ci.yml", + "type": "unknown", + "file": "ci.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in clusterfuzzlite.yml", + "type": "unknown", + "file": "clusterfuzzlite.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in codeql.yml", + "type": "unknown", + "file": 
"codeql.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dependabot-automerge.yml", + "type": "unknown", + "file": "dependabot-automerge.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in dogfood-gate.yml", + "type": "unknown", + "file": "dogfood-gate.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in governance.yml", + "type": "unknown", + "file": "governance.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in hypatia-scan.yml", + "type": "unknown", + "file": "hypatia-scan.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in language-blockers.yml", + "type": "unknown", + "file": "language-blockers.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in mirror.yml", + "type": "unknown", + "file": 
"mirror.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in quality.yml", + "type": "unknown", + "file": "quality.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + 
"type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in release.yml", + "type": "unknown", + "file": "release.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in rust.yml", + "type": "unknown", + "file": "rust.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in scorecard.yml", + "type": "unknown", + "file": "scorecard.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in secret-scanner.yml", + "type": "unknown", + "file": "secret-scanner.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, 
+ { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": "workflow_audit", + "severity": "medium" + }, + { + "reason": "Issue in security-policy.yml", + "type": "unknown", + "file": "security-policy.yml", + "action": "flag", + "rule_module": 
"workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in security-policy.yml",
+ "type": "unknown",
+ "file": "security-policy.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ 
"severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Issue in tests.yml",
+ "type": "unknown",
+ "file": "tests.yml",
+ "action": "flag",
+ "rule_module": "workflow_audit",
+ "severity": "medium"
+ },
+ {
+ "reason": "Repository has 3 non-main remote branch(es). Policy: single main branch only.",
+ "type": "GS007",
+ "file": ".",
+ "action": "delete_remote_branches",
+ "rule_module": "git_state",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unpinned_action -- Hypatia workflow_audit: unpinned_action -- 1 day(s) old",
+ "type": "CSA001",
+ "file": "verify-proofs.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": 
"review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "tests.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): 
hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ 
"file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": 
"medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "security-policy.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "Code scanning (Hypatia): hypatia/workflow_audit/unknown -- Hypatia workflow_audit: unknown -- 2 day(s) old",
+ "type": "CSA001",
+ "file": "secret-scanner.yml",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ },
+ {
+ "reason": "29 total open code-scanning alert(s) -- security hygiene review",
+ "type": "CSA002",
+ "file": "hyperpolymath/hypatia",
+ "action": "review",
+ "rule_module": "code_scanning_alerts",
+ "severity": "medium"
+ }
+ ],
+ "submission_metadata": {
+ "repo": "hyperpolymath/hypatia",
+ "commit": "1536ebe9569ebae167ef7295c3eee1fb3943cd82",
+ "submitted_at": "2026-05-30T15:14:50Z",
+ "scanner_version": "hypatia-v2"
+ }
+}
diff --git a/shared-context/findings/hyperpolymath-hypatia/latest.json b/shared-context/findings/hyperpolymath-hypatia/latest.json
index a815ba9..a81bba6 120000
--- a/shared-context/findings/hyperpolymath-hypatia/latest.json
+++ b/shared-context/findings/hyperpolymath-hypatia/latest.json
@@ -1 +1 @@
-20260530-143124.json
\ No newline at end of file
+20260530-151449.json
\ No newline at end of file
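Review bot: The `latest.json` symlink is retargeted to `20260530-151449.json`, but the only findings file this patch creates is `20260529-212914.json`, so unless a later patch in this series adds that target the pointer dangles and any consumer resolving `latest.json` reads nothing. The provenance inside the new file is also inconsistent with its container: `submission_metadata.submitted_at` is `2026-05-30T15:14:50Z` and `submission_metadata.commit` is `1536ebe9…`, while the file name and the commit subject say 2026-05-29 and a different scanned commit, which looks like the generator mixing two runs. Since downstream tooling keys on these fields to decide which scan is current, the symlink target, the file name and the embedded `submitted_at`/`commit` should be derived from the same run; I would expect the target here to be `20260529-212914.json` and the metadata to match the subject, or the file to be renamed to match its metadata.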