generated from bitwarden/template
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathzizmor.yml
More file actions
18 lines (17 loc) · 779 Bytes
/
zizmor.yml
File metadata and controls
18 lines (17 loc) · 779 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
rules:
unpinned-uses:
config:
policies:
bitwarden/gh-actions/*: ref-pin
bitwarden/ios/*: ref-pin
bitwarden/mobile-learning-sandbox/*: ref-pin
bitwarden/android/*: ref-pin
dangerous-triggers: # Often caused by our pull_request_target usage that we scrutinize manually
disable: true
secrets-inherit: # With our use of AKV for secrets, this is less relevant
disable: true
# The following items are ones we should address in time, but are not blocking issues for now
use-trusted-publishing: # This is a security best practice that we should adopt, but not critical yet
disable: true
cache-poisoning: # This may no longer be an issue with the updated cache action doing key-based caching by default
disable: true