sisakulint Rules

sisakulint provides comprehensive security rules for GitHub Actions workflows. Rules are categorized by severity and the security risks they address.

Severity Summary

sisakulint categorizes security rules by severity based on CVSS scores, attack impact, and exploitability.

| Severity | Count | CVSS Range | Description |
|---|---|---|---|
| Critical | 14 | 9.0-10.0 | Immediate risk, can lead to RCE or full compromise |
| High | 19 | 7.0-8.9 | Significant risk, enables serious attacks |
| Medium | 14 | 4.0-6.9 | Moderate risk, requires specific conditions |
| Low | 6 | 0.1-3.9 | Best practices, minimal direct security impact |

Security Rules Overview

Code Injection / Poisoned Pipeline Execution (CICD-SEC-04)

| Rule | Severity | Description |
|---|---|---|
| code-injection-critical | Critical | Detects untrusted input in privileged workflow triggers |
| code-injection-medium | Medium | Detects untrusted input in normal workflow triggers |
| envvar-injection-critical | Critical | Detects untrusted input written to $GITHUB_ENV in privileged triggers |
| envvar-injection-medium | Medium | Detects untrusted input written to $GITHUB_ENV in normal triggers |
| envpath-injection-critical | Critical | Detects untrusted input written to $GITHUB_PATH in privileged triggers |
| envpath-injection-medium | Medium | Detects untrusted input written to $GITHUB_PATH in normal triggers |
| output-clobbering-critical | Critical | Detects untrusted input written to $GITHUB_OUTPUT in privileged triggers |
| output-clobbering-medium | Medium | Detects untrusted input written to $GITHUB_OUTPUT in normal triggers |
| argument-injection-critical | Critical | Detects command-line argument injection in privileged triggers |
| argument-injection-medium | Medium | Detects command-line argument injection in normal triggers |
| request-forgery-critical | Critical | Detects SSRF vulnerabilities in privileged triggers |
| request-forgery-medium | Medium | Detects SSRF vulnerabilities in normal triggers |
| untrusted-checkout | Critical | Detects checkout of untrusted PR code in privileged contexts |
| untrusted-checkout-toctou-critical | Critical | Detects TOCTOU vulnerabilities with labeled event type and mutable refs |
| untrusted-checkout-toctou-high | High | Detects TOCTOU vulnerabilities with deployment environment and mutable refs |
| reusable-workflow-taint | Critical | Detects untrusted input passed to reusable workflows |
| unsound-contains | Medium | Detects bypassable contains() function usage |

Insufficient Flow Control (CICD-SEC-01)

| Rule | Severity | Description |
|---|---|---|
| dangerous-triggers-critical | Critical | Detects privileged triggers without any security mitigations |
| dangerous-triggers-medium | Medium | Detects privileged triggers with partial security mitigations |
| improper-access-control | High | Detects label-based approval bypass vulnerabilities |
| bot-conditions | High | Detects spoofable bot detection conditions |

Artifact and Cache Poisoning (CICD-SEC-09)

| Rule | Severity | Description |
|---|---|---|
| artifact-poisoning-critical | Critical | Detects artifact poisoning in privileged workflows |
| artifact-poisoning-medium | Medium | Detects artifact poisoning in normal workflows |
| cache-poisoning | High | Detects cache poisoning vulnerabilities |
| cache-poisoning-poisonable-step | High | Detects poisonable steps after unsafe checkout |
| cache-bloat | Low | Detects cache bloat issues with cache/restore and cache/save |
| artipacked | Critical | Detects credential leakage via persisted checkout credentials |
| secrets-in-artifacts | High | Detects secrets exposure in uploaded artifacts |

Identity and Access Management (CICD-SEC-02)

| Rule | Severity | Description |
|---|---|---|
| permissions | High | Validates GITHUB_TOKEN permission scopes |
| secret-exposure | High | Detects excessive secrets exposure patterns |
| unmasked-secret-exposure | High | Detects unmasked secret exposure from fromJson() |
| secrets-inherit | High | Detects excessive secret inheritance in reusable workflow calls |
| secret-exfiltration | Critical | Detects secret exfiltration to external services |

Credential Hygiene (CICD-SEC-06)

| Rule | Severity | Description |
|---|---|---|
| credentials | High | Detects hardcoded credentials using Rego |

Third Party Services (CICD-SEC-08)

| Rule | Severity | Description |
|---|---|---|
| action-list | Low | Enforces action allowlist/blocklist policies |
| commit-sha | High | Validates commit SHA pinning in actions |
| known-vulnerable-actions | Varies | Detects actions with known security vulnerabilities |
| archived-uses | Medium | Detects usage of archived actions |
| impostor-commit | Critical | Detects impostor commits from fork network |
| ref-confusion | High | Detects ref confusion attacks |
| unpinned-images | Medium | Detects container images not pinned by SHA256 |

Workflow Validation

| Rule | Severity | Description |
|---|---|---|
| id | Low | Validates job and step IDs |
| job-needs | Low | Validates job dependencies |
| workflow-call | Medium | Validates reusable workflow calls |
| timeout-minutes | Low | Ensures timeout-minutes is set |

Expression and Syntax Validation

| Rule | Severity | Description |
|---|---|---|
| expression | Medium | Validates GitHub Actions expression syntax |
| conditional | Medium | Validates conditional expressions |
| environment-variable | Low | Validates environment variable names |
| deprecated-commands | High | Detects deprecated workflow commands |

Runner Security

| Rule | Severity | Description |
|---|---|---|
| self-hosted-runners | High | Detects self-hosted runner usage in public repos |

AI Agent Security

| Rule | Severity | Description |
|---|---|---|
| ai-action-unrestricted-trigger | High | Detects AI actions allowing any user to trigger execution via allowed_non_write_users: "*" |
| ai-action-excessive-tools | High | Detects dangerous tool grants (Bash/Write/Edit) to AI agents in untrusted trigger contexts |
| ai-action-prompt-injection | High | Detects untrusted input interpolated into AI agent prompt parameters (Clinejection) |

Obfuscation Detection

| Rule | Severity | Description |
|---|---|---|
| obfuscation | High | Detects obfuscated workflow patterns |

Auto-Fix Support

The following rules support automatic fixing with sisakulint -fix on:

  • timeout-minutes - Adds default timeout-minutes: 5
  • commit-sha - Converts action tags to commit SHAs
  • credentials - Removes hardcoded passwords
  • code-injection-critical/medium - Moves untrusted expressions to environment variables
  • envvar-injection-critical/medium - Sanitizes untrusted input before writing to $GITHUB_ENV
  • envpath-injection-critical/medium - Validates paths with realpath before writing to $GITHUB_PATH
  • output-clobbering-critical/medium - Transforms vulnerable patterns to heredoc syntax
  • argument-injection-critical/medium - Adds end-of-options marker and environment variables
  • request-forgery-critical/medium - Moves untrusted expressions to environment variables
  • untrusted-checkout - Adds explicit ref to checkout in privileged contexts
  • untrusted-checkout-toctou-critical/high - Fixes TOCTOU vulnerabilities
  • reusable-workflow-taint - Converts unsafe patterns to use environment variables
  • artifact-poisoning-critical/medium - Adds validation steps for artifact downloads
  • improper-access-control - Replaces mutable refs with immutable SHAs and changes event types
  • conditional - Removes unnecessary ${{ }} wrappers
  • secret-exposure - Converts bracket notation to dot notation
  • unmasked-secret-exposure - Adds ::add-mask:: command for derived secrets
  • secrets-inherit - Replaces secrets: inherit with explicit secret mappings
  • bot-conditions - Replaces spoofable bot conditions with safe alternatives
  • artipacked - Adds persist-credentials: false to checkout steps
  • secrets-in-artifacts - Adds include-hidden-files: false for upload-artifact v3
  • unsound-contains - Converts string literal to fromJSON() array format
  • impostor-commit - Pins action to commit SHA
  • ref-confusion - Pins action to commit SHA when ref confusion is detected
  • obfuscation - Normalizes obfuscated paths and shell commands
  • known-vulnerable-actions - Updates vulnerable actions to patched versions
  • cache-poisoning - Removes unsafe ref from checkout step
  • cache-bloat - Adds appropriate if conditions for cache/restore and cache/save
  • dangerous-triggers-critical/medium - Adds permissions: {} to workflows

OWASP CI/CD Top 10 Mapping

| OWASP Risk | Description | sisakulint Rules |
|---|---|---|
| CICD-SEC-01 | Insufficient Flow Control Mechanisms | improper-access-control, bot-conditions, unsound-contains, dangerous-triggers-* |
| CICD-SEC-02 | Inadequate Identity and Access Management | permissions, secret-exposure, unmasked-secret-exposure, secrets-inherit, ai-action-unrestricted-trigger |
| CICD-SEC-03 | Dependency Chain Abuse | known-vulnerable-actions, archived-uses, impostor-commit, ref-confusion, reusable-workflow-taint |
| CICD-SEC-04 | Poisoned Pipeline Execution (PPE) | code-injection-*, envvar-injection-*, envpath-injection-*, output-clobbering-*, argument-injection-*, untrusted-checkout-* |
| CICD-SEC-05 | Insufficient PBAC (Pipeline-Based Access Controls) | self-hosted-runners |
| CICD-SEC-06 | Insufficient Credential Hygiene | credentials, artipacked, secrets-in-artifacts, secret-exfiltration, ai-action-excessive-tools, ai-action-prompt-injection |
| CICD-SEC-07 | Insecure System Configuration | timeout-minutes, deprecated-commands, cache-bloat |
| CICD-SEC-08 | Ungoverned Usage of 3rd Party Services | action-list, commit-sha, unpinned-images |
| CICD-SEC-09 | Improper Artifact Integrity Validation | artifact-poisoning-*, cache-poisoning-* |
| CICD-SEC-10 | Insufficient Logging and Visibility | obfuscation, request-forgery-* |