DOS5925: Actions Variable - Should have a name | Security KB - DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.

This website stores cookies on your computer.These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, please review our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.
By clicking “Accept All”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

GitHub repository Severitylow builtIn

Description

Every Actions variable must have a non-empty name (the workflow YAML references it as vars.<NAME>). Records with empty names are typically transient API states that cannot be consumed by any workflow and clutter the variables UI.

Learn More

https://docs.github.com/en/actions/learn-github-actions/variables

Recommendation

1. Go to Repository or Organization Settings -> Secrets and variables -> Actions -> Variables. 
2. Identify any variables without names and delete or rename them.

Policy Rule

{
  "target": "GHActionsVariable",
  "if": {
    "allOf": [
      {
        "resource": "GHActionsVariable",
        "property": "Name",
        "operator": "notEquals",
        "value": ""
      }
    ]
  },
  "then": {
    "effect": "Audit"
  }
}

« DOS5920 DOS5930 »

Rule Details

Rule ID: DOS5925
Code: GH_Repository_Actions_Variable_Should_Have_Name
Platform: GitHub
Category: repository
Severity: Severitylow
Type: builtIn

DOS5925

Actions Variable - Should have a name

DOS5925

Description

Recommendation

Policy Rule

View evaluation logic (JSON)

Rule Details

Related Rules