Rule Reference

SEC324 · lintai-ai-security · stable · github_workflow · warn

GitHub Actions: unpinned third-party action

GitHub Actions workflow uses a third-party action that is not pinned to a full commit SHA

Provider: lintai-ai-security
Surface: github_workflow
Scope: per_file
Tier: stable
Severity: warn
Confidence: high
Detection: structural
Remediation: message_only

Activation Model

Preset Membership

This rule is part of the builtin activation graph through these preset memberships.

Lifecycle

Stable Lifecycle Contract

State

stable_gated

Graduation rationale

Checks workflow uses: entries for third-party actions that rely on mutable refs instead of immutable commit SHAs; positioned as a supply-chain hardening control rather than a direct exploit claim.

Deterministic signal basis

GithubWorkflowSignals line-level uses: extraction gated by semantically confirmed workflow YAML.

Malicious corpus: github-workflow-third-party-unpinned-action
Benign corpus: github-workflow-pinned-third-party-action
Review status: structured evidence required · remediation reviewed
Canonical note

Structural stable rule positioned as a supply-chain hardening control: high-precision and actionable, but not a blanket claim of direct repository compromise.

Nearby Signals

Related Rules

Why It Matters

Third-party GitHub Actions referenced by tags or short refs stay mutable over time. In committed CI workflows, that weakens reproducibility and makes it harder to review exactly which action code the workflow approved.

What Triggers

SEC324 applies only to semantically confirmed GitHub Actions workflow YAML and triggers when:

  • a uses: step references a third-party action
  • the action ref is not a full 40-character commit SHA
  • the reference is not an official actions/* action

Examples that trigger:

```yaml
- uses: docker/login-action@v4
- uses: aquasecurity/trivy-action@master
```

Examples that stay clean:

```yaml
- uses: docker/login-action@0123456789abcdef0123456789abcdef01234567
- uses: actions/checkout@v6
```
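A minimal line-level detector for the three trigger conditions above, written here as an added illustration and not lintai's own implementation; the workflow text is constructed for the example, and it assumes that `uses:` values without an `@` ref (local `./` actions, `docker://` images) are out of scope for this rule.

```python
import re

# A full commit SHA is 40 hex characters; anything shorter or symbolic (tag, branch) is mutable.
SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
# Line-level extraction of `uses:` values, tolerating list dashes, quotes and trailing comments.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"#\s]+)""")


def is_pinned_sha(ref: str) -> bool:
    """True only when the ref is an immutable full-length commit SHA."""
    return bool(SHA_RE.match(ref))


def find_unpinned_third_party(workflow_text: str):
    """Return (line_no, action, ref) for every third-party action not pinned to a full SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Assumption: local actions and docker:// images carry no pinnable git ref here.
        if target.startswith(("./", "docker://")) or "@" not in target:
            continue
        action, ref = target.rsplit("@", 1)
        if action.split("/", 1)[0] == "actions":
            continue  # official actions/* are exempt from SEC324
        if is_pinned_sha(ref):
            continue  # immutable pin, stays clean
        findings.append((line_no, action, ref))
    return findings


# Constructed sample workflow mixing official, pinned, unpinned and local steps.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: docker/login-action@v4
      - uses: aquasecurity/trivy-action@master
      - uses: docker/login-action@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ./.github/actions/local-step
      - run: make test
"""

if __name__ == "__main__":
    for line_no, action, ref in find_unpinned_third_party(SAMPLE_WORKFLOW):
        print(f"SEC324 line {line_no}: {action}@{ref} is not pinned to a full commit SHA")
```

Running it reports only the `docker/login-action@v4` and `aquasecurity/trivy-action@master` steps; the SHA-pinned and official `actions/*` steps pass.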

False Positives

This rule is intentionally positioned as a supply-chain hardening control, not as proof of a compromised action. Some teams may trust release tags operationally, but the finding remains useful because it identifies mutable third-party execution in committed CI.

Remediation

Pin the third-party action to a full commit SHA and, if useful for readability, keep the human-friendly version in an adjacent comment.