
Summary
The detection rule `GitHub Workflow Downloading Artifacts` identifies GitHub Actions workflows that download artifacts during their execution. This matters in CI/CD pipelines, where artifacts can hold sensitive information or binaries needed for deployments and other automated processes. The rule targets logs generated by GitHub webhooks for completed workflow actions, looking for events such as the successful download of artifacts through the `actions/download-artifact` step or similar commands in the workflow jobs. It monitors both completed workflows that include artifact downloads and cases where workflows do not include artifact download steps, giving a comprehensive view of these actions. The rule has a severity level of 'Info', meaning it is an informational detection rather than a signal of an immediate threat. Its relevance is underscored by instances of potential abuse related to artifact downloads, which makes it useful for maintaining CI/CD security in developers' workflows.
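As an added illustration of the detection idea described above (this is example code, not the rule's own query or any project's code), the following Python script classifies completed `workflow_job` webhook events by whether any of their steps downloaded an artifact. It assumes a step that calls `actions/download-artifact` shows up in the payload under its `name`, either a user-supplied name or GitHub's default "Run actions/download-artifact@<version>"; the sample payloads, the `example-org/app` repository name and the step-name patterns are constructed for the example.

```python
"""Classify completed GitHub Actions jobs by whether they downloaded artifacts.

Hypothetical detection logic, not the rule's own query. It reads
`workflow_job` webhook payloads (the `action: completed` events the rule
targets) and inspects each job's `steps` list. Assumption: a step that calls
`actions/download-artifact` is reported under its step name, which is either
the user-supplied name or GitHub's default "Run actions/download-artifact@<ver>".
"""
import json
import re
from typing import Any, Dict, List, Optional

# Patterns that mark a step as an artifact download. The first matches the default
# step name "Run actions/download-artifact@v4"; the second matches explicit names
# such as "Download build artifacts" (constructed list; extend for your own conventions).
DOWNLOAD_STEP_PATTERNS = [
    re.compile(r"actions/download-artifact@", re.IGNORECASE),
    re.compile(r"\bdownload\b.*\bartifacts?\b", re.IGNORECASE),
]


def is_download_step(step_name: str) -> bool:
    """True if the step name looks like an artifact download."""
    return any(p.search(step_name) for p in DOWNLOAD_STEP_PATTERNS)


def classify_job(event: Dict[str, Any]) -> Optional[Dict[str, Any]]:
    """Summarise a completed workflow_job event; None if the event is out of scope."""
    if event.get("action") != "completed" or "workflow_job" not in event:
        return None
    job = event["workflow_job"]
    downloads = [s["name"] for s in job.get("steps", []) if is_download_step(s.get("name", ""))]
    return {
        "repo": event.get("repository", {}).get("full_name", "<unknown>"),
        "job": job.get("name", "<unnamed>"),
        "conclusion": job.get("conclusion"),
        "download_steps": downloads,
    }


def detect_artifact_downloads(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """One informational finding per completed job that ran at least one download step."""
    findings = []
    for ev in events:
        summary = classify_job(ev)
        if summary and summary["download_steps"]:
            findings.append(summary)
    return findings


# Constructed sample payloads, trimmed to the fields the logic reads (not real webhook data).
SAMPLE_EVENTS = [
    {
        "action": "completed",
        "repository": {"full_name": "example-org/app"},
        "workflow_job": {
            "name": "deploy",
            "conclusion": "success",
            "steps": [
                {"name": "Set up job", "conclusion": "success"},
                {"name": "Run actions/download-artifact@v4", "conclusion": "success"},
                {"name": "Deploy to staging", "conclusion": "success"},
            ],
        },
    },
    {
        "action": "completed",
        "repository": {"full_name": "example-org/app"},
        "workflow_job": {
            "name": "lint",
            "conclusion": "success",
            "steps": [
                {"name": "Set up job", "conclusion": "success"},
                {"name": "Run eslint", "conclusion": "success"},
            ],
        },
    },
    {
        # In-progress event: same job shape, but not the completed action the rule targets.
        "action": "in_progress",
        "repository": {"full_name": "example-org/app"},
        "workflow_job": {"name": "deploy", "steps": [{"name": "Run actions/download-artifact@v4"}]},
    },
]

if __name__ == "__main__":
    for finding in detect_artifact_downloads(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

Run as a script it prints one JSON finding for the `deploy` job; the `lint` job is classified but produces no finding because it has no download step, and the `in_progress` event is ignored because the rule only looks at completed actions. Since the rule is informational, a practical deployment would feed these findings into a baseline of which workflows normally download artifacts rather than alerting on each one.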
Categories
- Cloud
- Application
- Web
Data Sources
- Web Credential
- Application Log
- User Account
ATT&CK Techniques
- T1195.002
- T1027
Created: 2025-11-13