Check change set

feat!: add more inputs to Macaron Action and improve GitHub Action analysis #3365

Sign in to view logs

Triggered via pull request March 30, 2026 06:57

behnazh-w

synchronize #1339

behnazh/detect-injection-gha

Status Success

Total duration 48m 35s

Artifacts 5

pr-change-set.yaml

on: pull_request

Matrix: build / Build Macaron

build / ... / build-docker

build / ... / Analyzing and comparing different versions of an artifact

build / ... / Detecting malicious packages

build / ... / How to detect vulnerable GitHub Actions

build / ... / Provenance discovery, extraction, and verification

build / ... / Detecting Java dependencies manually uploaded to Maven Central

build / ... / Exclude and include checks in Macaron

build / ... / How to detect vulnerable GitHub Actions

build / ... / How to detect vulnerable GitHub Actions

Annotations

3 errors

build / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions

Process completed with exit code 1.

build / build_docker_image / test-macaron-action / Analyzing and comparing different versions of an artifact

Process completed with exit code 1.

build / build_docker_image / test-macaron-action / How to detect vulnerable GitHub Actions

Process completed with exit code 1.

Artifacts

Produced during runtime

Name	Size	Digest
artifact-ubuntu-latest-python-3.11 Expired	27.5 MB	`sha256:05a424acdebd51375b49cb165313059ce0523acfc0f011de2ddac601f3ec0682`
macaron-reports-vulnerable-actions-purl	35.1 KB	`sha256:51a2f9cc0917476102f12b0f5e24646d20f6e2762e39c26b20be614319d7b153`
macaron-reports-vulnerable-actions-repo	20.8 KB	`sha256:610601e866fc4a1bdf1a6935a2bc18e3edcb0b6d3c15d7f3ef01f407e261e45b`
macaron-test-image Expired	377 MB	`sha256:7ccdeefcdad9cb486cabe20c97d99347aa42cf55cc0d0e353ee47f1c71969889`
macaron-vulnerable-actions-fail-diagnosis	21.8 KB	`sha256:c4bac372aa893ddd7a010d60f94c046249fd306479b859ebb3b22f94f8f6269b`