ActiveState explains how GitHub Actions attack chains can evade traditional CI security scanners, why passing a scan doesn't ...
Both tools have a point, just different ones ...