Add zizmor GitHub Actions workflow for CI security analysis #374

Merged

jonathan343 merged 1 commit into develop from add-zizmor on Apr 6, 2026
Conversation

@jonathan343
Contributor

This is the S3transfer version of boto/botocore#3665

Overview

This PR adds a zizmor GitHub Actions workflow to scan this repository's workflows for common security issues.

zizmor is a static analysis tool for GitHub Actions. It helps detect insecure workflow patterns such as overly broad permissions, unsafe triggers, and unpinned or risky action usage.

References

Quote from PyPI blog:

"If you are using GitHub Actions as your continuous deployment provider, we highly recommend the tool "Zizmor" for detecting and fixing insecure workflows."


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
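The three finding classes named in the description (overly broad permissions, unsafe triggers, unpinned action references) are easier to recognise with a concrete workflow in front of you. The following Python is an added illustration written for this page; it is not zizmor's code and not the workflow file this PR adds. It represents each workflow as the dict that `yaml.safe_load()` would return, uses constructed sample workflows (a risky one beside a hardened one) and a constructed placeholder commit SHA, and its three checks are deliberately simplified versions of the kinds of audit zizmor performs.

```python
"""Toy audit of three GitHub Actions anti-patterns (added example, not zizmor's code).

Workflows are given as the dict that yaml.safe_load() would return for the YAML
file; the real zizmor audits are far more thorough than the checks below.
"""
import re
from typing import Any

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Triggers that run with a read/write token on code supplied by a fork.
DANGEROUS_TRIGGERS = {"pull_request_target", "workflow_run"}

Finding = tuple[str, str, str]  # (rule, location, message)


def triggers(workflow: dict[str, Any]) -> list[str]:
    """Return trigger names; PyYAML (YAML 1.1) loads an unquoted `on:` key as True."""
    raw = workflow.get("on", workflow.get(True, {}))
    if isinstance(raw, str):
        return [raw]
    if isinstance(raw, list):
        return list(raw)
    return list(raw)


def check_dangerous_triggers(workflow: dict[str, Any]) -> list[Finding]:
    return [("dangerous-trigger", "on", f"workflow runs on {t}")
            for t in triggers(workflow) if t in DANGEROUS_TRIGGERS]


def check_permissions(workflow: dict[str, Any]) -> list[Finding]:
    findings: list[Finding] = []
    perms = workflow.get("permissions")
    if perms is None:
        findings.append(("excessive-permissions", "workflow",
                         "no top-level permissions block; repository default token scope applies"))
    elif perms == "write-all":
        findings.append(("excessive-permissions", "workflow", "permissions: write-all"))
    elif isinstance(perms, dict):
        findings += [("excessive-permissions", "workflow", f"workflow-level {scope}: write")
                     for scope, level in perms.items() if level == "write"]
    for name, job in workflow.get("jobs", {}).items():
        if job.get("permissions") == "write-all":
            findings.append(("excessive-permissions", f"jobs.{name}", "permissions: write-all"))
    return findings


def check_unpinned_uses(workflow: dict[str, Any]) -> list[Finding]:
    findings: list[Finding] = []
    for name, job in workflow.get("jobs", {}).items():
        for i, step in enumerate(job.get("steps", [])):
            uses = step.get("uses")
            if not uses or uses.startswith(("./", "docker://")):
                continue  # local and container actions are out of scope for this toy
            action, _, ref = uses.rpartition("@")
            if not SHA_RE.match(ref):
                findings.append(("unpinned-uses", f"jobs.{name}.steps[{i}]",
                                 f"{action or uses} uses mutable ref {ref!r} instead of a commit SHA"))
    return findings


def audit(workflow: dict[str, Any]) -> list[Finding]:
    return (check_dangerous_triggers(workflow) + check_permissions(workflow)
            + check_unpinned_uses(workflow))


PLACEHOLDER_SHA = "0" * 40  # constructed placeholder, not a real commit

# Constructed "before" workflow that exhibits all three problems.
RISKY_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request_target": {}, "push": {"branches": ["main"]}},
    "permissions": "write-all",
    "jobs": {
        "test": {"runs-on": "ubuntu-latest",
                 "steps": [{"uses": "actions/checkout@v4"},
                           {"uses": f"actions/setup-python@{PLACEHOLDER_SHA}"},
                           {"run": "python -m pytest"}]},
        "publish": {"runs-on": "ubuntu-latest",
                    "steps": [{"uses": "pypa/gh-action-pypi-publish@release/v1"}]},
    },
}

# Constructed hardened form: safe trigger, least-privilege token, SHA-pinned actions.
HARDENED_WORKFLOW = {
    "name": "ci",
    "on": {"pull_request": {}, "push": {"branches": ["main"]}},
    "permissions": {"contents": "read"},
    "jobs": {
        "test": {"runs-on": "ubuntu-latest",
                 "steps": [{"uses": f"actions/checkout@{PLACEHOLDER_SHA}"},
                           {"uses": f"actions/setup-python@{PLACEHOLDER_SHA}"},
                           {"run": "python -m pytest"}]},
    },
}

if __name__ == "__main__":
    for rule, where, msg in audit(RISKY_WORKFLOW):
        print(f"{rule:22} {where:24} {msg}")
    print("hardened findings:", audit(HARDENED_WORKFLOW))
```

Running it reports four findings for the risky workflow (the `pull_request_target` trigger, `permissions: write-all`, and the two tag- or branch-pinned `uses:` references) and none for the hardened one. The `triggers()` helper also accepts a `True` key because PyYAML follows YAML 1.1 and reads an unquoted `on:` as a boolean, a detail that trips up hand-rolled workflow checks.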

@github-advanced-security

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@codecov-commenter

⚠️ Please install the Codecov app to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.45%. Comparing base (1c927ba) to head (5ae56c6).
⚠️ Report is 3 commits behind head on develop.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@             Coverage Diff             @@
##           develop     #374      +/-   ##
===========================================
- Coverage    80.61%   80.45%   -0.17%     
===========================================
  Files           16       16              
  Lines         3013     3013              
===========================================
- Hits          2429     2424       -5     
- Misses         584      589       +5     


@arandito (Contributor) left a comment


:shipit:

@jonathan343 jonathan343 merged commit 27fa647 into develop Apr 6, 2026
91 checks passed
@jonathan343 jonathan343 deleted the add-zizmor branch April 6, 2026 14:42
4 participants