Adopt zizmor GitHub Actions security scanning tool #60
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
alcaeus
left a comment
alcaeus
left a comment
There was a problem hiding this comment.
Great idea to add checks for GitHub Actions. Just one question about the create-branch content.
| is set to anything other than `false`, no files are uploaded, but instead the | ||
| filename along with the resulting location in the bucket is printed. | ||
|
|
||
| ## Create Release Branch |
There was a problem hiding this comment.
Drat, forgot to create a new branch, reverting.
There was a problem hiding this comment.
Okay, pulling from main resolved it.
…nto branch-update-script
2 participants
Adds support for zizmor, "a tool for finding security issues in GitHub Actions CI/CD setups."
It is still in development, but already useful. Missing features are a GitHub Action, and a non-zero exit code so we can fail builds. For now this applies the recommended fixes and sets it up as a security scan source.