mirror of https://github.com/grafana/grafana.git
37 lines
1.0 KiB
YAML
37 lines
1.0 KiB
YAML
rules:
|
|
unpinned-uses:
|
|
config:
|
|
policies:
|
|
"*": hash-pin
|
|
actions/*: any
|
|
github/*: any
|
|
grafana/*: any
|
|
forbidden-uses:
|
|
config:
|
|
deny:
|
|
# Policy-banned by our security team due to CVE-2025-30066 & CVE-2025-30154.
|
|
# https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction
|
|
# https://nvd.nist.gov/vuln/detail/cve-2025-30066
|
|
# https://nvd.nist.gov/vuln/detail/cve-2025-30154
|
|
- reviewdog/*
|
|
cache-poisoning:
|
|
ignore:
|
|
- backend-unit-tests.yml
|
|
- frontend-lint.yml
|
|
- pr-frontend-unit-tests.yml
|
|
- pr-test-integration.yml
|
|
- publish-kinds-release.yml
|
|
- pr-e2e-tests.yml
|
|
- swagger-gen.yml
|
|
dangerous-triggers:
|
|
ignore:
|
|
- auto-milestone.yml
|
|
- backport.yml
|
|
- pr-checks.yml
|
|
- pr-commands.yml
|
|
- pr-patch-check-event.yml
|
|
- run-dashboard-search-e2e.yml
|
|
excessive-permissions:
|
|
ignore:
|
|
- release-comms.yml
|