Skip to content

v0.6.1: GitHub Action and one-line install

Choose a tag to compare

@github-actions github-actions released this 10 Jun 14:26
c7e57fa

What's new

Zyrax Guard now plugs straight into CI and installs in one line.

GitHub Action

Gate every pull request. Drop Guard into a workflow and it checks the dependencies a PR adds. If one is a typosquat, known malware, a hallucinated name, or ships a risky install script, the check fails before it merges. Works with npm, PyPI, and crates.io.

- uses: actions/checkout@v4
  with: { fetch-depth: 0 }
- uses: tiagosilva07/zyrax-guard@v0
  with:
    ecosystem: npm        # npm | pypi | crates

One-line install (Linux / macOS)

curl -fsSL https://raw.githubusercontent.com/tiagosilva07/zyrax-guard/main/scripts/install.sh | sh

Downloads the signed binary for your OS/arch and verifies its SHA-256 (and the cosign signature when cosign is on your PATH).

Verify

Every binary is signed with keyless cosign and SLSA build provenance, and an SPDX SBOM is attached:

cosign verify-blob --bundle zyrax-guard-linux-amd64.cosign.bundle zyrax-guard-linux-amd64

Supersedes v0.6.0 (action description shortened to meet the Marketplace 125-character limit; no CLI behavior change).