Functions

- artifact_boundary_crossing - MVP Rule 5: Artifact produced by a privileged step is consumed across a trust boundary.
- authority_propagation - MVP Rule 1: Authority (secret/identity) is propagated across a trust boundary.
- floating_image - Tier 6 Rule: Container image without Docker digest pinning.
- long_lived_credential - Stretch Rule 9: Secret name matches a known long-lived/static credential pattern.
- over_privileged_identity - MVP Rule 2: Identity scope is broader than actual usage.
- persisted_credential - Stretch Rule: checkout step with `persistCredentials: true` writes credentials to disk.
- run_all_rules - Run all rules against a graph.
- unpinned_action - MVP Rule 3: Third-party action/image without SHA pin.
- untrusted_with_authority - MVP Rule 4: Untrusted step has direct access to a secret/identity.