From 89683ff927dafdc07dd8d4ceeb8515cd238f2cca Mon Sep 17 00:00:00 2001
From: Oleksandr Redko
Date: Wed, 27 May 2026 12:53:49 +0300
Subject: [PATCH] fix typo in the GitHub word
---
 cmd/analyzeRepo.go | 2 +-
 cmd/analyzeRepoStaleBranches.go | 2 +-
 .../en/rules/github_action_from_unverified_creator_used.md | 2 +-
 docs/content/en/rules/if_always_true.md | 2 +-
 .../content/en/rules/known_vulnerability_in_build_platform.md | 2 +-
 docs/content/en/rules/pr_runs_on_self_hosted.md | 2 +-
 formatters/sarif/sarif_test.go | 2 +-
 opa/rego/external/build_platform.rego | 4 ++--
 .../rules/github_action_from_unverified_creator_used.rego | 2 +-
 scanner/parsers.go | 2 +-
 test/snapshot/__snapshots__/snapshot_test.snap | 4 ++--
 11 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/cmd/analyzeRepo.go b/cmd/analyzeRepo.go
index 8bc658fb..3db89e65 100644
--- a/cmd/analyzeRepo.go
+++ b/cmd/analyzeRepo.go
@@ -14,7 +14,7 @@ var analyzeRepoCmd = &cobra.Command{
 Use: "analyze_repo",
 Short: "Analyzes a remote repository for supply chain vulnerabilities",
 Long: `Analyzes a remote repository for supply chain vulnerabilities
-Example Scanning a remote Github Repository: poutine analyze_repo org/repo --token "$GH_TOKEN"`,
+Example Scanning a remote GitHub Repository: poutine analyze_repo org/repo --token "$GH_TOKEN"`,
 Args: cobra.ExactArgs(1),
 RunE: func(cmd *cobra.Command, args []string) error {
 Token = viper.GetString("token")
diff --git a/cmd/analyzeRepoStaleBranches.go b/cmd/analyzeRepoStaleBranches.go
index 8d3f1160..ec410ac2 100644
--- a/cmd/analyzeRepoStaleBranches.go
+++ b/cmd/analyzeRepoStaleBranches.go
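Review bot: The usage example in the `Long` help text of cmd/analyzeRepo.go (and the identical example in cmd/analyzeRepoStaleBranches.go) puts the token on the command line, `--token "$GH_TOKEN"`, where the expanded value is readable by other local users through the process list for as long as the scan runs. `Token = viper.GetString("token")` suggests the value might also be resolvable from the environment, but no such binding is visible in these hunks; if one exists, the example should show the environment form and mention `--token` only as an override. Both command definitions start and end outside their hunks.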
@@ -16,7 +16,7 @@ var analyzeRepoStaleBranches = &cobra.Command{
 Use: "analyze_repo_stale_branches",
 Short: "Analyzes a remote repository for pull_request_target vulnerabilities in stale branches",
 Long: `Analyzes a remote repository, looping through all remote branches to find unique GitHub Actions workflows with old pull_request_target vulnerabilities, even though the default branch does not have that vulnerability anymore.
-Example Scanning a remote Github Repository: poutine analyze_repo_stale_branches org/repo --token "$GH_TOKEN"`,
+Example Scanning a remote GitHub Repository: poutine analyze_repo_stale_branches org/repo --token "$GH_TOKEN"`,
 Args: cobra.ExactArgs(1),
 RunE: func(cmd *cobra.Command, args []string) error {
 Token = viper.GetString("token")
diff --git a/docs/content/en/rules/github_action_from_unverified_creator_used.md b/docs/content/en/rules/github_action_from_unverified_creator_used.md
index 1390f110..0a678fcf 100644
--- a/docs/content/en/rules/github_action_from_unverified_creator_used.md
+++ b/docs/content/en/rules/github_action_from_unverified_creator_used.md
@@ -1,5 +1,5 @@
 ---
-title: "Github Action from Unverified Creator used"
+title: "GitHub Action from Unverified Creator used"
 slug: github_action_from_unverified_creator_used
 url: /rules/github_action_from_unverified_creator_used/
 rule: github_action_from_unverified_creator_used
diff --git a/docs/content/en/rules/if_always_true.md b/docs/content/en/rules/if_always_true.md
index 463caf1d..c8ab94ee 100644
--- a/docs/content/en/rules/if_always_true.md
+++ b/docs/content/en/rules/if_always_true.md
@@ -56,6 +56,6 @@ jobs:
 ## See Also
-- [Expression Always True Github Issue](https://github.com/actions/runner/issues/1173)
+- [Expression Always True GitHub Issue](https://github.com/actions/runner/issues/1173)
 - [About expressions](https://docs.github.com/en/actions/learn-github-actions/expressions#about-expressions)
 - [jobs.if](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif)
\ No newline at end of file
diff --git a/docs/content/en/rules/known_vulnerability_in_build_platform.md b/docs/content/en/rules/known_vulnerability_in_build_platform.md
index b7b8fe14..3d348283 100644
--- a/docs/content/en/rules/known_vulnerability_in_build_platform.md
+++ b/docs/content/en/rules/known_vulnerability_in_build_platform.md
@@ -16,4 +16,4 @@ Upgrade the self-hosted provider to a non-vulnerable version.
 ## See Also
 - [Upgrade Gitlab](https://docs.gitlab.com/ee/update/)
-- [Upgrade Github Enterprise Server](https://docs.github.com/en/enterprise-server@3.13/admin/overview/about-upgrades-to-new-releases)
+- [Upgrade GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.13/admin/overview/about-upgrades-to-new-releases)
diff --git a/docs/content/en/rules/pr_runs_on_self_hosted.md b/docs/content/en/rules/pr_runs_on_self_hosted.md
index 68ba5c0e..ce072056 100644
--- a/docs/content/en/rules/pr_runs_on_self_hosted.md
+++ b/docs/content/en/rules/pr_runs_on_self_hosted.md
@@ -35,4 +35,4 @@ Having a GitHub Organization **Runners** configuration set to **All repositories
 - [Hardening for self-hosted runners](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#hardening-for-self-hosted-runners)
 - [Playing with fire - How we executed a critical supply chain attack on pytorch](https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/)
 - [TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack](https://www.praetorian.com/blog/tensorflow-supply-chain-compromise-via-self-hosted-runner-attack/)
-- [Gato - Github Attack TOOlkit](https://github.com/praetorian-inc/gato)
\ No newline at end of file
+- [Gato - GitHub Attack TOOlkit](https://github.com/praetorian-inc/gato)
\ No newline at end of file
diff --git a/formatters/sarif/sarif_test.go b/formatters/sarif/sarif_test.go
index 6203ab7d..01e5c3b8 100644
--- a/formatters/sarif/sarif_test.go
+++ b/formatters/sarif/sarif_test.go
@@ -44,7 +44,7 @@ func TestSarifFormatBuildDependencyFindings(t *testing.T) {
 Rules: map[string]results.Rule{
 "github_action_from_unverified_creator_used": {
 Id: "github_action_from_unverified_creator_used",
- Title: "Github Action from Unverified Creator used",
+ Title: "GitHub Action from Unverified Creator used",
 Description: "Usage of GitHub Actions from unverified creators was detected.",
 Level: "note",
 },
diff --git a/opa/rego/external/build_platform.rego b/opa/rego/external/build_platform.rego
index cd0f9e6a..5cb69323 100644
--- a/opa/rego/external/build_platform.rego
+++ b/opa/rego/external/build_platform.rego
@@ -258,7 +258,7 @@ advisories = {
 "osv_id": "CVE-2022-23733",
 "published": "2022-08-02T16:05:14",
 "aliases": [],
- "summary": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.",
+ "summary": "A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.",
 "severity": [],
 "cwe_ids": ["CWE-79"],
 "vulnerable_versions": [],
@@ -1818,7 +1818,7 @@ advisories = {
 "osv_id": "CVE-2020-13326",
 "published": "2020-09-29T18:45:49",
 "aliases": [],
- "summary": "A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed.",
+ "summary": "A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for GitHub project import could be bypassed.",
 "severity": [{
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
diff --git a/opa/rego/rules/github_action_from_unverified_creator_used.rego b/opa/rego/rules/github_action_from_unverified_creator_used.rego
index f4e10118..165405a3 100644
--- a/opa/rego/rules/github_action_from_unverified_creator_used.rego
+++ b/opa/rego/rules/github_action_from_unverified_creator_used.rego
@@ -1,5 +1,5 @@
 # METADATA
-# title: Github Action from Unverified Creator used
+# title: GitHub Action from Unverified Creator used
 # description: |-
 # Usage of the following GitHub Actions repositories was detected in workflows
 # or composite actions, but their owner is not a verified creator.
diff --git a/scanner/parsers.go b/scanner/parsers.go
index 096571d5..6156555b 100644
--- a/scanner/parsers.go
+++ b/scanner/parsers.go
@@ -51,7 +51,7 @@ func (p *GithubActionsMetadataParser) ParseFromMemory(data []byte, filePath stri
 meta.Path = filePath
 pkgInsights.GithubActionsMetadata = append(pkgInsights.GithubActionsMetadata, meta)
 } else {
- log.Debug().Str("file", filePath).Msg("invalid Github Actions metadata")
+ log.Debug().Str("file", filePath).Msg("invalid GitHub Actions metadata")
 }
 return nil
diff --git a/test/snapshot/__snapshots__/snapshot_test.snap b/test/snapshot/__snapshots__/snapshot_test.snap
index d0b9c7fe..9a46288d 100755
--- a/test/snapshot/__snapshots__/snapshot_test.snap
+++ b/test/snapshot/__snapshots__/snapshot_test.snap
@@ -522,7 +522,7 @@ "description": "Usage of the following GitHub Actions repositories was detected in workflows\nor composite actions, but their owner is not a verified creator.", "id": "github_action_from_unverified_creator_used", "level": "note", - "title": "Github Action from Unverified Creator used" + "title": "GitHub Action from Unverified Creator used" }, "if_always_true": { "description": "GitHub Actions expressions used in if condition of jobs or steps\nmust not contain extra characters or spaces.\nOtherwise, the condition is always true.",
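Review bot: In scanner/parsers.go the else branch reports invalid metadata only at Debug level and ParseFromMemory then returns nil, so a file that fails this check drops out of the scan with no signal at default verbosity. For a scanner, a metadata file that is skipped is an action that is never analyzed, so consider raising this to `log.Warn()` or recording the skipped path in the results so coverage gaps are visible to the operator. The condition guarding this branch and the start of the function are outside the hunk, so whether the skipped cases also include ordinary non-action YAML cannot be told from here.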
@@ -982,7 +982,7 @@ "description": "Usage of the following GitHub Actions repositories was detected in workflows\nor composite actions, but their owner is not a verified creator.", "id": "github_action_from_unverified_creator_used", "level": "note", - "title": "Github Action from Unverified Creator used" + "title": "GitHub Action from Unverified Creator used" }, "if_always_true": { "description": "GitHub Actions expressions used in if condition of jobs or steps\nmust not contain extra characters or spaces.\nOtherwise, the condition is always true.",