Ensure GitHub Actions does not contain workflow_dispatch inputs parameters
Error: GitHub Actions contain workflow_dispatch inputs parameters
Bridgecrew Policy ID: BC_REPO_GITHUB_ACTION_7
Checkov Check ID: CKV_GHA_7
Severity: LOW
GitHub Actions contain workflow_dispatch inputs parameters
To maintain an untampered workflow, pipelines should be unaffected by user input. In GitHub Actions, workflow_dispatch allows you to manually trigger pipelines and enter unique inputs per run. While this may be helpful for running different scenarios, it breaks the policy that workflows should not use user input and should be automated.
Example Fix
on:
workflow_dispatch:
- inputs:
- ...
Updated 10 months ago