VED-1223: Update permissions to auto-ops role so the pipeline can apply terraform changes at account level #1384
Quality Gate failed
Failed conditions
See analysis details on SonarQube Cloud
Annotations
Check failure on line 94 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVI&open=AZ1nyghd1j94mlTd0hVI&pullRequest=1384
Check failure on line 46 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.head_sha is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVH&open=AZ1nyghd1j94mlTd0hVH&pullRequest=1384
Check failure on line 173 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVL&open=AZ1nyghd1j94mlTd0hVL&pullRequest=1384
Check failure on line 166 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVK&open=AZ1nyghd1j94mlTd0hVK&pullRequest=1384
Check failure on line 101 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.environment is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVJ&open=AZ1nyghd1j94mlTd0hVJ&pullRequest=1384
Check failure on line 41 in .github/workflows/account-terraform.yml
sonarqubecloud / SonarCloud Code Analysis
inputs.base_sha is vulnerable to script injection: values of inputs are provided by whoever triggers the workflow. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.
See more on https://sonarcloud.io/project/issues?id=NHSDigital_immunisation-fhir-api&issues=AZ1nyghd1j94mlTd0hVG&open=AZ1nyghd1j94mlTd0hVG&pullRequest=1384