Ensure using safe curl command without secrets
Using curl, a bad actor can send the secret to a website they own if they can obtain the secret in a workflow.
Risk Level: medium
Platform: Github
Spectral Rule ID: GHAC003
REMEDIATION
In job remove in run
command the secrets pointer
Read more:
Updated over 1 year ago