Description
Hekkos has identified security configuration issues in this repository based on SLSA v1.2 requirements.
Security audit summary
10 of 12 security checks are failing.
| Security Check | Status | Issues |
|---|---|---|
| Branch Protection | ❌ Failing | 1 issue |
| CODEOWNERS | ❌ Failing | 1 issue |
| Code Scanning | ❌ Failing | 1 issue |
| Secret Scanning | ❌ Failing | 1 issue |
| Dependency Review | ❌ Failing | 1 issue |
| Signed Commits | ❌ Failing | 1 issue |
| Fork Restriction | ✅ Passing | - |
| CI Workflow Fork Restriction | ❌ Failing | 1 issue |
| Private Vulnerability Reporting | ❌ Failing | 1 issue |
| Workflow Permissions | ❌ Failing | 1 issue |
| Action Pinning | ❌ Failing | 4 issues |
| Self-Hosted Runners | ✅ Passing | - |
What to do next
Review the sub-issues linked to this issue for detailed information about each security check failure. Each sub-issue includes specific remediation steps and links to relevant documentation.
Hekkos commands and options
You can trigger Hekkos actions by commenting on this issue:
- `@hekkos-demo-app audit` - Re-run the security audit and update this issue
You can find more information about these security requirements in the SLSA Framework documentation and GitHub Security Features.