From 2a0e133768eba3236527464eace711a50e974f63 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg
Date: Thu, 6 Mar 2025 14:25:46 -0800
Subject: [PATCH] Move UnversionedImmutableAction.ql to experimental

This query will give too many false positives for users until immutable actions is released.
---
 .../src/change-notes/2025-02-27-immutable-actions-list.md | 7 ++++---
 .../Security/CWE-829/UnversionedImmutableAction.md | 0
 .../Security/CWE-829/UnversionedImmutableAction.ql | 1 +
 .../Security/CWE-829/UnversionedImmutableAction.qlref | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)
 rename actions/ql/src/{ => experimental}/Security/CWE-829/UnversionedImmutableAction.md (100%)
 rename actions/ql/src/{ => experimental}/Security/CWE-829/UnversionedImmutableAction.ql (96%)

diff --git a/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md b/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
index ea195c4b1494..313fd44357b9 100644
--- a/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
+++ b/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
@@ -2,6 +2,7 @@
 category: fix
 ---
 * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
- Immutable Actions feature is not yet available for customer use. The query remains in the
- default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
- available, the query will be updated to report alerts again.
+ Immutable Actions feature is not yet available for customer use. The query has also been moved
+ to the experimental folder and will not be used in code scanning unless it is explicitly added
+ to a code scanning configuration. Once the Immutable Actions feature is available, the query will
+ be updated to report alerts again.
diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md
similarity index 100%
rename from actions/ql/src/Security/CWE-829/UnversionedImmutableAction.md
rename to actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md
diff --git a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
similarity index 96%
rename from actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
rename to actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
index 8cc79b1091a5..89b28f26520c 100644
--- a/actions/ql/src/Security/CWE-829/UnversionedImmutableAction.ql
+++ b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
@@ -8,6 +8,7 @@
 * @tags security
 * actions
 * internal
+ * experimental
 * external/cwe/cwe-829
 */

diff --git a/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref b/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref
index 6ce4123fa5ed..1887390c0f3d 100644
--- a/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref
+++ b/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref
@@ -1 +1 @@
-Security/CWE-829/UnversionedImmutableAction.ql
\ No newline at end of file
+experimental/Security/CWE-829/UnversionedImmutableAction.ql
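Review bot: The `experimental` tag added to the `@tags` list in UnversionedImmutableAction.ql sits next to the existing `internal` tag, and nothing in the query header records why the query was demoted or when it should come back; that reason lives only in the change note. A line next to the metadata block, for example `// Experimental until the Immutable Actions feature is available; move back to Security/CWE-829 and drop the tag then.`, would keep the re-promotion step from being forgotten, which matters because a CWE-829 check outside the default suites gives no coverage unless someone adds it to a configuration explicitly. The metadata comment starts above the hunk, so `@id`, `@description` and `@precision` are not visible here. The `.qlref` in the last hunk now points at the experimental path while the test itself stays under `test/query-tests/Security/CWE-829/`; if the pack keeps tests for experimental queries in a separate directory, the test should move with the query.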