We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 8c9650b commit a42d23bCopy full SHA for a42d23b
1 file changed
.github/workflows/zizmor-scan.yml
@@ -0,0 +1,24 @@
1
+name: Zizmor Workflow Security Scan
2
+
3
+on:
4
+ pull_request:
5
+ paths:
6
+ - .github/workflows/**
7
8
+permissions:
9
+ contents: read
10
11
+jobs:
12
+ zizmor-scan:
13
+ runs-on: ubuntu-latest
14
+ steps:
15
+ - name: Checkout repository
16
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17
+ with:
18
+ persist-credentials: false
19
20
+ - name: Install zizmor
21
+ run: pip install zizmor==1.25.2
22
23
+ - name: Scan workflows
24
+ run: zizmor --min-severity=medium .github/workflows/
0 commit comments