ci: add promptfoo code scan action #15
Conversation
Greptile Summary
This PR adds a new GitHub Actions workflow (
Confidence Score: 2/5
Not safe to merge as-is due to a security permission concern and a functional gap in PR coverage. Two P1 issues are present: the .github/workflows/promptfoo-code-scan.yml requires attention for all three flagged issues.
Important Files Changed
Sequence Diagram
sequenceDiagram
participant Dev as Developer
participant GH as GitHub
participant Runner as GH Actions Runner
participant PSA as promptfoo/code-scan-action@v0
participant OIDC as GitHub OIDC Provider
Dev->>GH: Opens PR (or marks ready_for_review)
GH->>Runner: Trigger: pull_request [opened | ready_for_review]
Note over GH,Runner: ⚠️ synchronize NOT in trigger list — new commits skipped
Runner->>Runner: actions/checkout@v4 (full history)
Runner->>OIDC: Request OIDC token (id-token: write)
Note over Runner,OIDC: ⚠️ Token granted to third-party action
OIDC-->>Runner: OIDC JWT
Runner->>PSA: Run promptfoo/code-scan-action@v0
Note over PSA: ⚠️ Mutable tag — version may change silently
PSA-->>GH: Post findings as PR comment (pull-requests: write)
Reviews (1): Last reviewed commit: "Add Promptfoo Code Scan workflow"

```yaml
on:
  pull_request:
    types: [opened, ready_for_review]
```
Scan misses commits pushed to open PRs
The trigger only fires on opened and ready_for_review, but not synchronize. This means any new commits pushed to an already-open PR will never be scanned, leaving a significant gap in coverage — the exact situation where a developer iterates on code after initial review.
Suggested change:

```diff
-    types: [opened, ready_for_review]
+    types: [opened, synchronize, ready_for_review]
```

```yaml
permissions:
  contents: read
  pull-requests: write
  id-token: write
```
Overly broad id-token: write permission granted to third-party action
id-token: write allows the job to request an OIDC token from GitHub, which can be used to authenticate with cloud providers (AWS, GCP, Azure). This permission is being granted to promptfoo/code-scan-action@v0, a third-party action. If the action (or its supply chain) is compromised, it could exfiltrate cloud credentials.
Unless the promptfoo action explicitly documents requiring OIDC authentication, this permission should be removed. If it is genuinely required, the action's documentation should be referenced in a comment.
```yaml
          fetch-depth: 0

      - name: Run Promptfoo Code Scan
        uses: promptfoo/code-scan-action@v0
```
Action pinned to mutable tag, not a commit SHA
Using @v0 is a mutable tag — if the upstream repo updates the tag (or is compromised), this workflow will silently start running different code. GitHub's security hardening guide recommends pinning third-party actions to a full commit SHA:
Suggested change:

```diff
-        uses: promptfoo/code-scan-action@v0
+        uses: promptfoo/code-scan-action@<full-commit-sha> # v0
```
Replace <full-commit-sha> with the exact SHA corresponding to the v0 release you've validated.
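The three review comments above (missing `synchronize`, `id-token: write`, and the mutable `@v0` tag) are all things a dependency-free lint can catch before a workflow like this is merged. The checker below is an added example written for this page; it is not part of the Greptile review, the Promptfoo app, or the PR. The `WEAK_WORKFLOW` input is reconstructed from the lines the review quotes, so its `name:`, `jobs:` and `runs-on:` lines are assumptions, and the 40-zero SHA in `HARDENED_WORKFLOW` is a placeholder standing in for a real commit hash you would resolve from the release you validated.

```python
"""Lint a GitHub Actions workflow for the three findings raised in this review.

Added example: a deliberately small, regex/indent-based checker with no PyYAML
dependency. It handles the common inline-list form of `types:` and one-line
`uses:` entries, which is enough for the workflow under review.
"""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
TYPES_RE = re.compile(r"^\s*types:\s*\[([^\]]*)\]")
ID_TOKEN_RE = re.compile(r"^\s*id-token:\s*write\s*$")

# Constructed sample: the workflow as reconstructed from the review's quoted lines.
# The name/jobs/runs-on lines are assumptions, not the PR's actual file.
WEAK_WORKFLOW = """\
name: Promptfoo Code Scan
on:
  pull_request:
    types: [opened, ready_for_review]
permissions:
  contents: read
  pull-requests: write
  id-token: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Run Promptfoo Code Scan
        uses: promptfoo/code-scan-action@v0
"""

# Same workflow with the three review suggestions applied. The all-zero SHA is a
# placeholder: substitute the real commit hash of the release you validated.
HARDENED_WORKFLOW = """\
name: Promptfoo Code Scan
on:
  pull_request:
    types: [opened, synchronize, ready_for_review]
permissions:
  contents: read
  pull-requests: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000  # v4 (placeholder SHA)
        with:
          fetch-depth: 0
      - name: Run Promptfoo Code Scan
        uses: promptfoo/code-scan-action@0000000000000000000000000000000000000000  # v0 (placeholder SHA)
"""


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def check_workflow(text: str) -> list[str]:
    """Return a list of findings; an empty list means all three checks passed."""
    findings: list[str] = []
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

    # Check 1: an explicit pull_request.types list must include 'synchronize', or
    # commits pushed to an already-open PR never re-run the scan. A pull_request
    # trigger with no types list uses GitHub's default set, which does include it.
    pr_indent = None
    for line in lines:
        if pr_indent is not None and _indent(line) <= pr_indent:
            pr_indent = None  # dedented: left the pull_request: block
        if line.strip() == "pull_request:":
            pr_indent = _indent(line)
            continue
        if pr_indent is not None:
            m = TYPES_RE.match(line)
            if m:
                types = {t.strip() for t in m.group(1).split(",") if t.strip()}
                if "synchronize" not in types:
                    findings.append("trigger: pull_request.types omits 'synchronize'")

    for line in lines:
        # Check 2: id-token: write lets any step in scope mint an OIDC token that can
        # be exchanged for cloud credentials; flag it at workflow or job level.
        if ID_TOKEN_RE.match(line):
            findings.append("permissions: id-token: write granted")
        # Check 3: every remote action must be pinned to a full 40-hex commit SHA,
        # not a mutable tag or branch. Local (./) and docker:// refs have no tag to pin.
        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            if ref.startswith("./") or ref.startswith("docker://"):
                continue
            action, _, version = ref.partition("@")
            if not SHA40.match(version):
                findings.append(f"pinning: {action}@{version or '<none>'} is not a commit SHA")
    return findings


if __name__ == "__main__":
    for label, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{label}: {check_workflow(wf) or 'no findings'}")
```

Note that the pin check flags `actions/checkout@v4` as well as the promptfoo action: the review only raises the third-party action, but GitHub's hardening guidance on SHA pinning applies to any `uses:` reference, so exempting first-party `actions/*` is a policy decision to make explicitly rather than a default.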
Add Promptfoo Code Scan Action
This PR adds a GitHub Action workflow to automatically scan pull requests for LLM-related vulnerabilities.
What this does
This PR was automatically created by the Promptfoo GitHub App