GHA-SEC010: Secrets in Global `env:`
Problem Statement
Secrets assigned in the workflow-level `env:` block are passed to every job and every step in the workflow, which increases exposure risk.
Vulnerability
Increased Secret Exposure
Code Examples
Insecure Implementation
# Workflow-level env: every step in every job receives SECRET_TOKEN
env:
  SECRET_TOKEN: ${{ secrets.MY_SECRET }}
Secure Implementation
# Step-level env: only this step receives SECRET_TOKEN
- run: ./script.sh
  env:
    SECRET_TOKEN: ${{ secrets.MY_SECRET }}
Remediation Steps
- Always scope secrets at the minimal necessary level: set them in the `env:` of the step that needs them rather than in the global `env:` block.
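One way to check a workflow file for this pattern, as an added example (not this rule's own implementation). It assumes block-style YAML and scans by indentation instead of using a YAML parser; the function name and both sample workflows are constructed for illustration.

```python
import re

# Matches a secrets.<NAME> reference inside a ${{ ... }} expression.
SECRET_REF = re.compile(r"\$\{\{[^}]*\bsecrets\.([A-Za-z_]\w*)")

def find_global_env_secrets(workflow_text):
    """Return (line_no, env_key, secret_name) for secrets in the workflow-level env: block."""
    findings = []
    in_global_env = False
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and full-line comments never change scope
        if line[0] not in " \t":
            # A key at column 0 is workflow-level; only `env:` opens the global block.
            in_global_env = re.match(r"env\s*:", line) is not None
        if in_global_env:
            for match in SECRET_REF.finditer(line):
                env_key = stripped.split(":", 1)[0]
                findings.append((line_no, env_key, match.group(1)))
    return findings

# Constructed sample workflows built around the page's two snippets.
INSECURE = """\
on: push
env:
  SECRET_TOKEN: ${{ secrets.MY_SECRET }}
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: ./script.sh
"""

SECURE = """\
on: push
env:
  LOG_LEVEL: debug
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: ./script.sh
        env:
          SECRET_TOKEN: ${{ secrets.MY_SECRET }}
"""

if __name__ == "__main__":
    print(find_global_env_secrets(INSECURE), find_global_env_secrets(SECURE))
```

Non-secret values in the global `env:` block (such as `LOG_LEVEL` in the second sample) are not reported; only `secrets.*` references are.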