{
  "benchmarkId": "CG-BENCHMARK-GITHUB-ACTIONS-AGENT-GATE-0.1.0",
  "version": "0.1.0",
  "profileVersion": "0.1.0",
  "testedAt": "2026-07-18T00:00:00.000Z",
  "caseCount": 10,
  "passedCaseCount": 10,
  "failedCaseCount": 0,
  "cases": [
    {
      "id": "CG-GHA-BENCH-001",
      "title": "Pinned read-only pull request gate",
      "expectedStatus": "pass",
      "observedStatus": "pass",
      "expectedFailedControlIds": [],
      "failedControlIds": [],
      "passed": true,
      "workflowSha256": "945e7648ef35d4881e15f98139f1d3ee4829ae4983e63de8c5a76bbbda70e229",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-002",
      "title": "Repository write permission",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-003"
      ],
      "failedControlIds": [
        "CG-GHA-003"
      ],
      "passed": true,
      "workflowSha256": "e9332fa1f027f7aacfb805693b0e38914e571094a3fa273ad24f24fd6a28631f",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": false,
          "evidence": "A repository permission grants write authority."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-003",
      "title": "Mutable third-party action references",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-004"
      ],
      "failedControlIds": [
        "CG-GHA-004"
      ],
      "passed": true,
      "workflowSha256": "d186d2cda1c6c8bfafa227b516c632eb2a950737047b72a347845269714c3cd0",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": false,
          "evidence": "At least one external action uses a mutable reference."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-004",
      "title": "Persisted checkout credential",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-005"
      ],
      "failedControlIds": [
        "CG-GHA-005"
      ],
      "passed": true,
      "workflowSha256": "236329fdd043070f5cd984bec6e1bd5cb5095994b1fef3dc9cd1a09265039b24",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": false,
          "evidence": "Checkout does not explicitly disable persisted credentials."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-005",
      "title": "Pull request title expanded in shell",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-006"
      ],
      "failedControlIds": [
        "CG-GHA-006"
      ],
      "passed": true,
      "workflowSha256": "5faf6f03c4404ab9c689a2dfade03b7bf543d55470210ddde443b7f045ba33be",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": false,
          "evidence": "Attacker-controlled GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-006",
      "title": "Privileged trigger checks out untrusted head",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-002"
      ],
      "failedControlIds": [
        "CG-GHA-002"
      ],
      "passed": true,
      "workflowSha256": "c2c7800b15a15dd7f8f9d10e5d78a92396ba4694f2db1a9344a61fc81bfe59e2",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": false,
          "evidence": "pull_request_target combines privileged context with an untrusted head checkout."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-007",
      "title": "OIDC enabled without bound receiver policy",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-007"
      ],
      "failedControlIds": [
        "CG-GHA-007"
      ],
      "passed": true,
      "workflowSha256": "a12400fed9539aeb8fb0772f812f1d9b1bb269a0c15d6e7cdac721ae979ccc01",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": false,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-008",
      "title": "Deployment command without protected environment",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-008"
      ],
      "failedControlIds": [
        "CG-GHA-008"
      ],
      "passed": true,
      "workflowSha256": "a139a2deba8357f3b9a333f2d898be73f94a467e892750c5d22e68b0c98851e1",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": false,
          "evidence": "High-impact execution requires both a declared environment and confirmed protection rules."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-009",
      "title": "Unauthorized cross-repository checkout",
      "expectedStatus": "block",
      "observedStatus": "block",
      "expectedFailedControlIds": [
        "CG-GHA-001"
      ],
      "failedControlIds": [
        "CG-GHA-001"
      ],
      "passed": true,
      "workflowSha256": "5693d8aa2246cfba94195e1b25780f9942a256d2e2699a7f402ec499870f8186",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": false,
          "evidence": "Checkout targets outside/private-repository; the declared authorization list controls the result."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC requires signed preview plus audience and repository binding in the receiver policy."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    },
    {
      "id": "CG-GHA-BENCH-010",
      "title": "Read-only gate without OIDC",
      "expectedStatus": "pass",
      "observedStatus": "pass",
      "expectedFailedControlIds": [],
      "failedControlIds": [],
      "passed": true,
      "workflowSha256": "975ba99f03bef574dee5b48d756488f15126ef1cee935d80fc96af30dcbbbfcf",
      "controlResults": [
        {
          "id": "CG-GHA-001",
          "passed": true,
          "evidence": "Checkout remains inside the authorized triggering repository."
        },
        {
          "id": "CG-GHA-002",
          "passed": true,
          "evidence": "No privileged trigger checks out an untrusted pull-request head."
        },
        {
          "id": "CG-GHA-003",
          "passed": true,
          "evidence": "Repository contents are explicitly read-only."
        },
        {
          "id": "CG-GHA-004",
          "passed": true,
          "evidence": "Every external action reference is a full 40-character commit SHA."
        },
        {
          "id": "CG-GHA-005",
          "passed": true,
          "evidence": "Checkout credentials are not persisted."
        },
        {
          "id": "CG-GHA-006",
          "passed": true,
          "evidence": "No tested untrusted GitHub context is expanded directly inside a run block."
        },
        {
          "id": "CG-GHA-007",
          "passed": true,
          "evidence": "OIDC permission is absent."
        },
        {
          "id": "CG-GHA-008",
          "passed": true,
          "evidence": "No tested high-impact command is present."
        }
      ]
    }
  ],
  "sourceUrls": [
    "https://docs.github.com/en/actions/reference/security/secure-use",
    "https://docs.github.com/en/actions/concepts/security/script-injections",
    "https://docs.github.com/en/actions/concepts/security/openid-connect",
    "https://docs.github.com/en/actions/reference/workflows-and-actions/deployments-and-environments",
    "https://docs.github.com/en/organizations/managing-organization-settings/actions-policies/workflow-execution-protections"
  ],
  "claimBoundary": "This publisher-operated benchmark applies eight narrow static checks to ten inert synthetic workflow fixtures. It does not execute GitHub Actions, inspect a live repository, test GitHub infrastructure, or prove that a workflow is secure.",
  "limitations": [
    "The evaluator recognizes the declared fixture patterns; it is not a general YAML parser or a replacement for CodeQL, review, or GitHub policy enforcement.",
    "Repository, environment, OIDC receiver, and authorization settings outside workflow YAML are represented by explicit synthetic context declarations.",
    "A passing fixture means the expected rule outcome was reproduced for that fixture only.",
    "GitHub features, plan availability, and public-preview behavior can change after the source-check date."
  ],
  "privacy": {
    "customerRepositoriesUsed": false,
    "networkActionsExecuted": false,
    "secretsIncluded": false,
    "workflowCommandsExecuted": false
  },
  "runDigestSha256": "648f1fa0a3e94803fbc045196e7c80f6e078df0b489a34cb77035bfba414e24e"
}
