A violation against the SAP Open Source standards has been detected.
Rule: rl-secret_rotation
*Message: The following GitHub Actions secrets have not been rotated within the last 12 months:
- PUBLISH_KEY
- PUBLISH_SECRET
- SUPPORTPORTAL_PASSWORD
- SUPPORTPORTAL_USER
Recommended actions:
- Replace long-lived secrets with OIDC (OpenID Connect) tokens where possible
- For required static credentials (API keys, tokens), rotate them at least annually
- Review and remove any unused secrets*
Description: Checks if all GitHub Actions secrets have been rotated within the last 12 months. Long-lived secrets should be replaced with OIDC tokens where possible, and required static credentials must be rotated annually.
Documentation