Review Run
firmcloudapps/firmcode-tester / PR #47 / ccdfcd832d14
Live Semgrep finding smoke
Duration
24s
Files analyzed
1
Semgrep findings
1
AI findings
0
Inline comments
0
Tokens / cost
Pending
Webhook Received, Diff Fetched, Tree-sitter Parsed, Semgrep Scanned, LLM Reviewed, and Comments Published.
Pending
Pending
artifact 93cd1702
duplicate key value violates unique constraint "published_comments_github_comment_id_unique" DETAIL: Key (github_comment_id)=(3293479432) already exists.
Pending
artifact 6fcfb84b
Pending
artifact 4cca5236
Pending
Pending
1 changed file recorded for this run
| Path | Status | Language | Lines | Risk flags |
|---|---|---|---|---|
| .github/workflows/firmcode-live-semgrep-smoke.yml | added | yaml | +15 / -0 | None |
1 grounded finding from Semgrep, AI, CI, or policy
| Severity | Source | Finding | File | Line | Posted |
|---|---|---|---|---|---|
| Medium | semgrep | app.infra.semgrep.firmcode.infra.github-actions.unpinned-action GitHub Action is not pinned to a full commit SHA. Pin third-party actions to a reviewed commit to reduce supply-chain drift. | .github/workflows/firmcode-live-semgrep-smoke.yml | 10 | Not posted |
3 stored analysis artifacts
{
"artifact": {
"files": [
{
"path": ".github/workflows/firmcode-live-semgrep-smoke.yml",
"hunks": [
{
"lines": [
{
"type": "addition",
"content": "name: Firmcode Live Semgrep Smoke",
"newLineNumber": 1,
"oldLineNumber": null
},
{
"type": "addition",
"content": "",
"newLineNumber": 2,
"oldLineNumber": null
},
{
"type": "addition",
"content": "on:",
"newLineNumber": 3,
"oldLineNumber": null
},
{
"type": "addition",
"content": " workflow_dispatch:",
"newLineNumber": 4,
"oldLineNumber": null
},
{
"type": "addition",
"content": "",
"newLineNumber": 5,
"oldLineNumber": null
},
{
"type": "addition",
"content": "jobs:",
"newLineNumber": 6,
"oldLineNumber": null
},
{
"type": "addition",
"content": " smoke:",
"newLineNumber": 7,
"oldLineNumber": null
},
{
"type": "addition",
"content": " runs-on: ubuntu-latest",
"newLineNumber": 8,
"oldLineNumber": null
},
{
"type": "addition",
"content": " steps:",
"newLineNumber": 9,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - uses: actions/checkout@v4",
"newLineNumber": 10,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - run: echo \"firmcode live semgrep smoke\"",
"newLineNumber": 11,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - run: echo \"firmcode live semgrep smoke rerun\"",
"newLineNumber": 12,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - run: echo \"firmcode live semgrep smoke verify\"",
"newLineNumber": 13,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - run: echo \"firmcode live semgrep smoke final\"",
"newLineNumber": 14,
"oldLineNumber": null
},
{
"type": "addition",
"content": " - run: echo \"firmcode live semgrep smoke post-deploy\"",
"newLineNumber": 15,
"oldLineNumber": null
}
],
"newStart": 1,
"oldStart": 0,
"newLineCount": 15,
"oldLineCount": 0,
"sectionHeader": ""
}
],
"patch": "@@ -0,0 +1,15 @@\n+name: Firmcode Live Semgrep Smoke\n+\n+on:\n+ workflow_dispatch:\n+\n+jobs:\n+ smoke:\n+ runs-on: ubuntu-latest\n+ steps:\n+ - uses: actions/checkout@v4\n+ - run: echo \"firmcode live semgrep smoke\"\n+ - run: echo \"firmcode live semgrep smoke rerun\"\n+ - run: echo \"firmcode live semgrep smoke verify\"\n+ - run: echo \"firmcode live semgrep smoke final\"\n+ - run: echo \"firmcode live semgrep smoke post-deploy\"",
"status": "added",
"language": "yaml",
"additions": 15,
"deletions": 0,
"sizeBytes": 419,
"previousPath": null,
"changedNewLines": [
1,
2,
3,
4,
5,
6,
7,
8,
9,
10,
11,
12,
13,
14,
15
],
"headContentSha256": "35b112752e8c0636cc9d9cf39313044818002c7072178519fdb9b61721b8c5b6"
}
],
"baseSha": "77019f46746e1c94297a9b7698eed523ea0b83ee",
"headSha": "ccdfcd832d14a1d8dbae69682e3b0d88d9b5aa1b",
"reviewRunId": "a6ae770c-1b50-4344-86c3-96fb2d3e2a95",
"skippedFiles": [],
"schemaVersion": "diff-artifact/v1",
"pullRequestNumber": 47,
"repositoryFullName": "firmcloudapps/firmcode-tester"
}
}
{
"artifact": {
"paths": {
"scanned": [
".github/workflows/firmcode-live-semgrep-smoke.yml"
],
"skipped": []
},
"errors": [],
"exitCode": 0,
"findings": [
{
"id": "semgrep:app.infra.semgrep.firmcode.infra.github-actions.unpinned-action:.github/workflows/firmcode-live-semgrep-smoke.yml:10:e23868accb05",
"end": {
"line": 10,
"column": 34,
"offset": 147
},
"fix": null,
"path": ".github/workflows/firmcode-live-semgrep-smoke.yml",
"lines": "requires login",
"start": {
"line": 10,
"column": 9,
"offset": 122
},
"ruleId": "app.infra.semgrep.firmcode.infra.github-actions.unpinned-action",
"message": "GitHub Action is not pinned to a full commit SHA. Pin third-party actions to a reviewed commit to reduce supply-chain drift.",
"metadata": {
"category": "ci",
"technology": [
"github-actions"
],
"remediation": "Replace the tag or branch after @ with the action's full commit SHA, and keep that SHA updated through a dependency update workflow."
},
"severity": "medium",
"fingerprint": "requires login",
"sourceSeverity": "WARNING"
}
],
"durationMs": 7972,
"reviewRunId": "a6ae770c-1b50-4344-86c3-96fb2d3e2a95",
"toolVersion": "1.163.0",
"schemaVersion": "semgrep-artifact/v1"
}
}
{
"artifact": {
"files": [
{
"path": ".github/workflows/firmcode-live-semgrep-smoke.yml",
"errors": [],
"parser": "tree-sitter-yaml",
"imports": [],
"symbols": [
{
"kind": "mapping",
"name": "name",
"range": {
"endLine": 1,
"startLine": 1
},
"changed": true,
"byteRange": {
"endByte": 33,
"startByte": 0
}
},
{
"kind": "mapping",
"name": "on",
"range": {
"endLine": 4,
"startLine": 3
},
"changed": true,
"byteRange": {
"endByte": 59,
"startByte": 35
}
},
{
"kind": "mapping",
"name": "workflow_dispatch",
"range": {
"endLine": 4,
"startLine": 4
},
"changed": true,
"byteRange": {
"endByte": 59,
"startByte": 41
}
},
{
"kind": "mapping",
"name": "jobs",
"range": {
"endLine": 15,
"startLine": 6
},
"changed": true,
"byteRange": {
"endByte": 419,
"startByte": 61
}
},
{
"kind": "mapping",
"name": "smoke",
"range": {
"endLine": 15,
"startLine": 7
},
"changed": true,
"byteRange": {
"endByte": 419,
"startByte": 69
}
},
{
"kind": "mapping",
"name": "runs-on",
"range": {
"endLine": 8,
"startLine": 8
},
"changed": true,
"byteRange": {
"endByte": 102,
"startByte": 80
}
},
{
"kind": "mapping",
"name": "steps",
"range": {
"endLine": 15,
"startLine": 9
},
"changed": true,
"byteRange": {
"endByte": 419,
"startByte": 107
}
},
{
"kind": "mapping",
"name": "uses",
"range": {
"endLine": 10,
"startLine": 10
},
"changed": true,
"byteRange": {
"endByte": 147,
"startByte": 122
}
},
{
"kind": "mapping",
"name": "run",
"range": {
"endLine": 11,
"startLine": 11
},
"changed": true,
"byteRange": {
"endByte": 195,
"startByte": 156
}
},
{
"kind": "mapping",
"name": "run",
"range": {
"endLine": 12,
"startLine": 12
},
"changed": true,
"byteRange": {
"endByte": 249,
"startByte": 204
}
},
{
"kind": "mapping",
"name": "run",
"range": {
"endLine": 13,
"startLine": 13
},
"changed": true,
"byteRange": {
"endByte": 304,
"startByte": 258
}
},
{
"kind": "mapping",
"name": "run",
"range": {
"endLine": 14,
"startLine": 14
},
"changed": true,
"byteRange": {
"endByte": 358,
"startByte": 313
}
},
{
"kind": "mapping",
"name": "run",
"range": {
"endLine": 15,
"startLine": 15
},
"changed": true,
"byteRange": {
"endByte": 418,
"startByte": 367
}
}
],
"hasError": false,
"language": "yaml",
"hunkScopes": [
{
"path": ".github/workflows/firmcode-live-semgrep-smoke.yml",
"hunkNewEnd": 15,
"hunkNewStart": 1,
"enclosingSymbol": "name"
}
],
"parseStatus": "parsed",
"errorNodeCount": 0,
"missingNodeCount": 0
}
],
"reviewRunId": "a6ae770c-1b50-4344-86c3-96fb2d3e2a95",
"parserVersion": "0.25.2",
"schemaVersion": "tree-sitter-artifact/v1"
}
}
0 redacted log excerpts available
No log excerpts were stored for this run.
0 summary, review, or inline comments