GHA-SEC008 Artifact Uploads with Sensitive Files
Problem Statement
Do not upload secrets or configuration files (such as .env) as workflow artifacts; anything uploaded is retrievable by whoever can download the run's artifacts.
Vulnerability
Secret Leakage via Artifacts
Code Examples
Insecure Implementation
# Insecure: uploads the repository's .env file, so every secret it holds
# becomes part of a downloadable artifact.
- uses: actions/upload-artifact@v3
  with:
    path: .env
Secure Implementation
# Secure: uploads only the build/test output that reviewers actually need.
- uses: actions/upload-artifact@v3
  with:
    path: logs/output.txt
Remediation Steps
- Audit uploaded artifacts regularly for secrets and configuration files.
- Exclude sensitive files (for example .env, private keys, credential files) from artifact uploads.
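One way to enforce both steps before the upload action runs, as an added example that is not part of the original rule card: a POSIX shell check that scans the staging directory for sensitive filenames and fails the job if any are present. The filename patterns and the script name are assumptions.

```shell
#!/bin/sh
# Pre-upload artifact audit (added example, not from the rule card).
# Scans a staging directory for files that must never be uploaded as
# artifacts and returns non-zero if any are found, so the job fails
# before actions/upload-artifact runs. The pattern list is an assumption;
# extend it to match what your repository treats as sensitive.
audit_artifact_dir() {
    dir="$1"
    found=0
    # Filenames that commonly carry secrets or local configuration.
    for pat in '.env' '.env.*' '*.pem' '*.key' 'id_rsa' 'id_ed25519' \
               '.npmrc' '.netrc' 'credentials' '*.p12' '*.pfx'; do
        matches=$(find "$dir" -type f -name "$pat" 2>/dev/null)
        if [ -n "$matches" ]; then
            echo "refusing to upload sensitive file(s):" >&2
            echo "$matches" >&2
            found=1
        fi
    done
    return "$found"
}

# Usage in a workflow step, before the upload step (script name is hypothetical):
#   - run: sh ci/audit_artifacts.sh dist/
if [ -n "${1:-}" ]; then
    audit_artifact_dir "$1"
fi
```

Pair this check with `!` negation patterns in the action's `path` input (for example `!**/.env`), which actions/upload-artifact accepts, so excluded files are dropped even if the audit step is ever skipped.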