cicd-pipelines

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The workflows fetch and execute remote GitHub Action code at runtime—notably aquasecurity/trivy-action@master (https://github.com/aquasecurity/trivy-action@master) is referenced unpinned and will be fetched/executed during runs, so remote content directly executes as a required dependency.