Open
Description
We have the scan-pr (Google GitHub Admin: Actions Workflow Security Scan) workflow configured to check pull requests for the quantumlib/Cirq repository. However, the workflow produces some warnings which appear to ask for fixups in configuration; please see the example below.
Would it be possible to address these so we avoid non-essential warnings in successful scans?
Workflow run: https://github.com/quantumlib/Cirq/actions/runs/21697490339
Annotations
2 warnings
scan-pr
Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is 2.23.5.
scan-pr
This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the workflow has at least the 'security-events: read' permission. Details: Resource not accessible by integration - https://docs.github.com/rest