These are false positives.

WordPress · Feb 11, 2025 · 5ed7adf · 5ed7adf
1 parent 5ddbdd3
commit 5ed7adf
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/reusable-workflow-lint.yml b/.github/workflows/reusable-workflow-lint.yml
@@ -52,7 +52,9 @@ jobs:
               uses: synacktiv/action-octoscan@6b1cf2343893dfb9e5f75652388bd2dc83f456b0 # v1.0.0
               with:
                   filter_triggers: ''
-                  disable_rules: dangerous-write
+                  # dangerous-write:    Valid but ignored because we have to use these writes
+                  # dangerous-checkout: Three false positives
+                  disable_rules: dangerous-write, dangerous-checkout
 
             - name: Upload SARIF file
               uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9