Description of the false positive
When there is a workflow that is triggered by a pull_request, this check considers the called workflow to be privileged even though it is not.
Code samples or links to source code
Triggered Workflow: https://github.com/_gh/raw/llvm/llvm-project/refs/heads/main/.github/workflows/release-binaries-all.yml
Called Workflow: https://github.com/_gh/raw/llvm/llvm-project/refs/heads/main/.github/workflows/release-binaries.yml
URL to the alert on GitHub code scanning (optional)
https://github.com/llvm/llvm-project/security/code-scanning/1828