Skip to content

Commit a42d23b

Browse files
committed
chore: probe zizmor compliance
1 parent 8c9650b commit a42d23b

1 file changed

Lines changed: 24 additions & 0 deletions

File tree

.github/workflows/zizmor-scan.yml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: Zizmor Workflow Security Scan
2+
3+
on:
4+
pull_request:
5+
paths:
6+
- .github/workflows/**
7+
8+
permissions:
9+
contents: read
10+
11+
jobs:
12+
zizmor-scan:
13+
runs-on: ubuntu-latest
14+
steps:
15+
- name: Checkout repository
16+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
17+
with:
18+
persist-credentials: false
19+
20+
- name: Install zizmor
21+
run: pip install zizmor==1.25.2
22+
23+
- name: Scan workflows
24+
run: zizmor --min-severity=medium .github/workflows/

0 commit comments

Comments
 (0)