{"reviewRunId":"304b21ce-6c66-4280-a170-014ae010bf87","artifactId":"4613d988-dee3-4565-b7da-3ab8ff30ee1c","artifactType":"semgrep","storageKey":"semgrep-artifact/v1","metadata":{"artifact":{"paths":{"scanned":[".github/workflows/firmcode-live-semgrep-smoke.yml"],"skipped":[]},"errors":[],"exitCode":0,"findings":[{"id":"semgrep:app.infra.semgrep.firmcode.infra.github-actions.unpinned-action:.github/workflows/firmcode-live-semgrep-smoke.yml:10:e23868accb05","end":{"line":10,"column":34,"offset":147},"fix":null,"path":".github/workflows/firmcode-live-semgrep-smoke.yml","lines":"requires login","start":{"line":10,"column":9,"offset":122},"ruleId":"app.infra.semgrep.firmcode.infra.github-actions.unpinned-action","message":"GitHub Action is not pinned to a full commit SHA. Pin third-party actions to a reviewed commit to reduce supply-chain drift.","metadata":{"category":"ci","technology":["github-actions"],"remediation":"Replace the tag or branch after @ with the action commit SHA, and update it through a dependency update workflow."},"severity":"medium","fingerprint":"requires login","sourceSeverity":"WARNING"}],"durationMs":8690,"reviewRunId":"304b21ce-6c66-4280-a170-014ae010bf87","toolVersion":"1.163.0","schemaVersion":"semgrep-artifact/v1"}},"rawAccessAllowed":true,"createdAt":"2026-05-23T21:28:30.844Z"}