terraform-cicd

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The GitHub Actions "uses" references in the workflows (e.g., actions/checkout@v4, hashicorp/setup-terraform@v3, aquasecurity/tfsec-action@v1.0.3, bridgecrewio/checkov-action@v12, aws-actions/configure-aws-credentials@v4, actions/github-script@v7, slackapi/slack-github-action@v1) are fetched from external repositories at workflow/runtime and execute remote code, so they are runtime external dependencies.