Skip to content
Security Analysis & Linting

Security Analysis & Linting #18

Sign in to view logs

Security Analysis & Linting

Security Analysis & Linting #18

Triggered via schedule April 26, 2026 01:19
@abhijeetmohananabhijeetmohanan
b0ef530
master
Status Failure
Total duration 1m 9s
Artifacts 8

security-analysis.yml

on: schedule
Lint & Format Check
10s
Lint & Format Check
Python SAST (Bandit)
9s
Python SAST (Bandit)
Semgrep SAST
34s
Semgrep SAST
SonarQube Local Analysis
33s
SonarQube Local Analysis
Dependency Security Check
34s
Dependency Security Check
Secret Detection
7s
Secret Detection
Dockerfile Lint (Hadolint)
10s
Dockerfile Lint (Hadolint)
Docker Image Security (Trivy)
1m 7s
Docker Image Security (Trivy)
Docker Filesystem Scan (Trivy)
26s
Docker Filesystem Scan (Trivy)
Fit to window
Zoom out
Zoom in

Annotations

4 errors and 9 warnings
Lint & Format Check
Process completed with exit code 1.
ruff (F401): src/growmcp/tools/feeds.py#L7
src/growmcp/tools/feeds.py:7:36: F401 `..auth.get_groww_client` imported but unused help: Remove unused import: `..auth.get_groww_client`
ruff (F401): src/growmcp/tools/feeds.py#L3
src/growmcp/tools/feeds.py:3:20: F401 `typing.Optional` imported but unused help: Remove unused import: `typing.Optional`
Dependency Security Check
Process completed with exit code 1.
Secret Detection
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Python SAST (Bandit)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Lint & Format Check
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dockerfile Lint (Hadolint)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Docker Filesystem Scan (Trivy)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
SonarQube Local Analysis
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Dependency Security Check
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Semgrep SAST
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
Docker Image Security (Trivy)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/upload-artifact@v4, docker/setup-buildx-action@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Artifacts

Produced during runtime
Name Size Digest
bandit-sast-report
862 Bytes
sha256:f701ec18384f2f5848142f4df09904933f46990b70dd29434e8158b037b15881
dependency-audit-report
1.42 KB
sha256:d4b7cae8d9b3a3663eed93c834a9a37a80efc08d119ad4735ff6d6e95dec1d5d
gitleaks-secrets-report
159 Bytes
sha256:e32a2b4ce57ddb3993497e41ff41e036e701c473fd17a7c5ad0fbd308d99bfea
hadolint-report
409 Bytes
sha256:bb417983b82c2d71347f0c3d57175e9f8901f892aae1c0a41a3c497b7314611f
semgrep-sast-report
735 Bytes
sha256:6af6cb59d4ca0fb5e8b297759a583ac167e169b1c3c7abaac2d71db0faaf2e5f
sonar-local-report
1.2 KB
sha256:d9d40c199255ad53d1a2e7a548205730457d1a8f442b4a3358f7a7b5583b6dc9
trivy-filesystem-report
554 Bytes
sha256:e2e5fddd71257f5e63930b244577645ab32e0a21127c86b86f06a705840d71cf
trivy-image-report
21.5 KB
sha256:4c8a7f434c8706f1ed8d3b67f7632677ef09d9f93ec87b20930e7579e6e9deda