ci: add zizmor github actions security scanner#4969
Conversation
Adds a new GitHub Actions workflow using `zizmor` to scan the repository's workflows for security issues and misconfigurations. The workflow is triggered on pushes to the `master` branch and on all pull requests, and uploads its findings to GitHub Advanced Security. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com>
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
.github/workflows/zizmor.yml
Outdated
| push: | ||
| branches: ["master"] | ||
| pull_request: | ||
| branches: ["**"] |
There was a problem hiding this comment.
@jules double check that we need two stars here, rather than just 1
There was a problem hiding this comment.
I have updated the workflow to only run on the master branch and removed the pull request triggers entirely, as requested.
.github/workflows/zizmor.yml
Outdated
| @@ -0,0 +1,25 @@ | |||
| name: GitHub Actions Security Analysis with zizmor 🌈 | |||
Removes pull request trigger for the new zizmor security scanner workflow, executing it exclusively on pushes to master. Co-authored-by: another-rex <106129829+another-rex@users.noreply.github.com>
2 participants
Adds a new GitHub Actions workflow using
zizmorto scan the repository's workflows for security issues and misconfigurations.The workflow is triggered on pushes to the
masterbranch and on all pull requests, and uploads its findings to GitHub Advanced Security.PR created automatically by Jules for task 7298380715651689528 started by @another-rex