-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Token-Permissions alert contains broken link #1386
Comments
Hi @jasonkarns I tried to repro this issue but I get a different URL which works fine. Can you please share link to a scorecard-action workflow run where you got this url? |
The run is behind github's code scanning, which isn't part of the public Actions runs. It's under the private Security tab: https://github.com/nodenv/node-build/security/code-scanning/15 The link url is: https://app.stepsecurity.io/secureworkflow/github.com/nodenv/node-build/version.yml/main?enable=permissions |
it seems an extra github.com is being inserted here, and must have been between v2.3.1 and v2.3.3 (which corresponds to v4.13.1 and v5.0.0-rc2 of scorecard), causing the link to 404. |
I was looking at this briefly to see if it was something we could address before the next release this week, and I'm actually unable to replicate. Copy/pasted from my security tab in a test repo: .github/workflows/ref.yml:1 |
The description of this alert:
contains a link. The link generated is: https://app.stepsecurity.io/secureworkflow but the url is wrong and gets a 404.
The text was updated successfully, but these errors were encountered: