| Field | Value |
|---|---|
| Category | CICD-SEC-2 |
| Severity | MEDIUM |
| Confidence | HIGH |
| OWASP | CICD-SEC-2: Inadequate Identity and Access Management |
| Auto-fix | ✗ |
What the check does
Flags a publishing step that authenticates to a package registry with a long-lived token where the registry supports OIDC trusted publishing:- PyPI via
pypa/gh-action-pypi-publishwith apassword:input npm publishwithNODE_AUTH_TOKENcargo publishwithCARGO_REGISTRY_TOKENgem pushwithGEM_HOST_API_KEY