From d9cb3cdb70602e469c2e0d24da9fcc6811546ce9 Mon Sep 17 00:00:00 2001
From: Lyle McKarns
Date: Fri, 19 Sep 2025 13:40:24 -0400
Subject: [PATCH 1/2] Add Zizmor Scanning of workflows Bump to test action Update zizmor.yml adding `.github` as an input, per [this update](https://github.com/zizmorcore/zizmor/blob/1c3de9cd6f0dc5c56b726b4e57e7c20bf233776a/.github/workflows/zizmor.yml#L25) Update zizmor.yml Update zizmor.yml Update zizmor.yml renamed Update .github/workflows/scan.yml Applying suggestions based on feedback
Co-authored-by: Felix Fontein
---
 .github/workflows/scan.yml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/scan.yml
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
new file mode 100644
index 0000000000..44211ddbbf
--- /dev/null
+++ b/.github/workflows/scan.yml
@@ -0,0 +1,31 @@
+name: GitHub Actions Security Analysis with zizmor 🌈
+
+on:
+ schedule:
+ # Daily
+ - cron: "23 7 * * *"
+ push:
+ paths:
+ - .github/workflows/*
+ pull_request:
+ paths:
+ - .github/workflows/*
+
+permissions: {}
+
+jobs:
+ zizmor:
+ name: Run zizmor 🌈
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ # contents: read # only needed for private repos
+ # actions: read # only needed for private repos
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Run zizmor 🌈
+ uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
From ecfe63ab8167877c968cfc0f3979d39306ad5138 Mon Sep 17 00:00:00 2001
From: Lyle McKarns
Date: Thu, 23 Oct 2025 08:47:13 -0400
Subject: [PATCH 2/2] Removing unneeded comments
---
 .github/workflows/scan.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 44211ddbbf..b526b9c5fb 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
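Review bot: The `paths` filter on both the `push` and `pull_request` triggers matches only `.github/workflows/*`, so a change to any other file under `.github` (a composite action definition, for example) would not trigger a scan until the daily schedule fires; the commit message says `.github` was to be passed as zizmor's input, but the final `Run zizmor 🌈` step carries no `with:` block, so it is unclear whether that intent survived the later edits. If the whole directory is meant to be audited, widening both filters to `- .github/**` keeps the trigger and the scan scope aligned. Separately, a `pull_request` run from a fork receives a read-only token regardless of the job-level `security-events: write`, so if the action uploads SARIF to code scanning by default those runs may fail on the upload rather than on findings; worth confirming the action's behaviour in that case before relying on the PR trigger. The pinned SHAs with version comments, `persist-credentials: false` and the empty top-level `permissions: {}` are the right defaults here.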
@@ -19,8 +19,6 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 security-events: write
- # contents: read # only needed for private repos
- # actions: read # only needed for private repos
 steps:
 - name: Checkout repository
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0