Remove Poutine and Octoscan in favour of Actionlint and Zizmor.

johnbillion · johnbillion · commit e3062e97bc02 · 2026-03-17T16:46:16.000Z
diff --git a/.github/workflows/reusable-workflow-lint.yml b/.github/workflows/reusable-workflow-lint.yml
@@ -29,40 +29,6 @@ jobs:
         with:
           args: "-color -verbose"
 
-  # Runs the Octoscan GitHub Action workflow file linter.
-  #
-  # See https://github.com/synacktiv/octoscan
-  #
-  # This helps guard against injection attacks, credential exposure, vulnerable actions, repository jacking,
-  # dangerous checkouts, and artifact security issues.
-  octoscan:
-    name: Octoscan
-    runs-on: ubuntu-24.04
-    permissions:
-      security-events: write
-      actions: read
-      contents: read
-    timeout-minutes: 10
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Run octoscan
-        id: octoscan
-        uses: synacktiv/action-octoscan@6b1cf2343893dfb9e5f75652388bd2dc83f456b0 # v1.0.0
-        with:
-          filter_triggers: ''
-          disable_rules: 'local-action,runner-label'
-
-      - name: Upload SARIF file to GitHub
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
-        with:
-          sarif_file: "${{steps.octoscan.outputs.sarif_output}}"
-          category: octoscan
-          wait-for-processing: false
-
   # Runs the Zizmor GitHub Action workflow file linter.
   #
   # See https://github.com/zizmorcore/zizmor
@@ -96,31 +62,3 @@ jobs:
           sarif_file: results.sarif
           category: zizmor
           wait-for-processing: false
-
-  # Runs the Poutine GitHub Action workflow file linter.
-  #
-  # See https://github.com/boostsecurityio/poutine
-  #
-  # This helps guard against CI/CD pipeline risks, supply chain vulnerabilities, excessive permissions,
-  # and dangerous build platform configurations.
-  poutine:
-    name: Poutine
-    runs-on: ubuntu-24.04
-    permissions:
-      security-events: write
-      contents: read
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-
-      - name: Run Poutine
-        uses: boostsecurityio/poutine-action@84c0a0d32e8d57ae12651222be1eb15351429228 # v0.15.2
-
-      - name: Upload poutine SARIF file
-        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
-        with:
-          sarif_file: results.sarif
-          category: poutine
-          wait-for-processing: false
