GitHub repository | Severity: low | builtIn

Description

Actions variables with empty values cause workflows to consume a blank string at runtime, which typically leads to silent failures (e.g., an empty image tag or an empty deployment URL). Either set a meaningful value, delete the variable, or replace it with a workflow-level default via env: in the workflow YAML.

Recommendation

1. Go to Repository or Organization Settings -> Secrets and variables -> Actions -> Variables.
2. For each variable with an empty value, set a value or delete the variable.
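
The check described above can also be run offline against an exported variable list. The following is an added example, not part of the policy or of any vendor tooling: it finds empty variables in a response shaped like GitHub's GET /repos/{owner}/{repo}/actions/variables and reports where a workflow reads them without a fallback. The sample response, the workflow text and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample, shaped like GET /repos/{owner}/{repo}/actions/variables
SAMPLE_API_RESPONSE = json.dumps({"variables": [
    {"name": "IMAGE_TAG", "value": ""},
    {"name": "DEPLOY_URL", "value": ""},
    {"name": "REGION", "value": "eu-west-1"},
]})

# Constructed workflow: IMAGE_TAG has a workflow-level default under env:,
# but two steps still read the raw variable directly.
SAMPLE_WORKFLOW = """\
env:
  IMAGE_TAG: ${{ vars.IMAGE_TAG || 'latest' }}
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - run: docker push registry.example/app:${{ vars.IMAGE_TAG }}
      - run: curl -f "${{ vars.DEPLOY_URL }}/health"
      - run: echo "${{ vars.REGION }}"
"""

EXPR = re.compile(r"\$\{\{(.*?)\}\}")  # body of each ${{ ... }} expression

def empty_variables(api_json):
    """Return the sorted names of variables whose value is the empty string."""
    data = json.loads(api_json)
    return sorted(v["name"] for v in data.get("variables", []) if v.get("value", "") == "")

def unguarded_uses(workflow_text, names):
    """Return (line_no, name) for each expression reading an empty variable with no '||' fallback."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        for expr in EXPR.findall(line):
            for name in names:
                pattern = r"\bvars\." + re.escape(name) + r"\b"
                if re.search(pattern, expr, re.I) and "||" not in expr:
                    findings.append((line_no, name))
    return findings

if __name__ == "__main__":
    empties = empty_variables(SAMPLE_API_RESPONSE)
    for line_no, name in unguarded_uses(SAMPLE_WORKFLOW, empties):
        print(f"line {line_no}: vars.{name} is empty and has no fallback")
```
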

Policy Rule

{
  "target": "GHActionsVariable",
  "if": {
    "allOf": [
      {
        "resource": "GHActionsVariable",
        "property": "Value",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}