GHA-SEC011: Auto-Approve Pull Requests
Problem Statement
Automating PR approval removes manual oversight.
Vulnerability
Unauthorized Code Merge
Code Examples
Insecure Implementation
- run: gh pr review --approve
Secure Implementation
# Use manual review from maintainers
Remediation Steps
- Always require human review, even for trusted contributors.
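One way to check workflow files for the insecure pattern above, as an added example that is not part of the original rule page. The function name `find_auto_approvals`, the sample workflow, and the decision to also match the `-a` short form of `--approve` are assumptions of this example.

```python
import re

# `gh pr review` followed on the same command by --approve or its short form -a.
APPROVE_RE = re.compile(r"\bgh\s+pr\s+review\b(?=[^\n]*?(?:\s--approve\b|\s-a\b))")

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
name: review
on: pull_request
jobs:
  approve:
    runs-on: ubuntu-latest
    steps:
      # - run: gh pr review --approve
      - run: gh pr review --approve
      - run: |
          gh pr review "$PR_URL" \\
            --body "LGTM" -a
      - run: gh pr review --comment --body "needs a maintainer"
"""

def find_auto_approvals(workflow_text):
    """Return (line_number, command) for each auto-approve command found."""
    findings, pending, start = [], "", 0
    for number, raw in enumerate(workflow_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):      # skip lines that are entirely comments
            continue
        if not pending:
            start = number            # first line of the (possibly split) command
        if line.endswith("\\"):       # join shell line continuations
            pending += line[:-1] + " "
            continue
        command, pending = pending + line, ""
        if APPROVE_RE.search(command):
            findings.append((start, " ".join(command.split())))
    if pending and APPROVE_RE.search(pending):   # file ended mid-continuation
        findings.append((start, " ".join(pending.split())))
    return findings

if __name__ == "__main__":
    for line_no, cmd in find_auto_approvals(SAMPLE):
        print(f"GHA-SEC011 line {line_no}: {cmd}")
```

This is a text scan, so it also flags the command when it appears inside a quoted string or a trailing inline comment; treat each hit as a prompt for review.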