ci: add zizmor linter to better scrutinize github actions #830
Pull Request Overview
This PR adds the zizmor linter to the GitHub Actions workflow to help better scrutinize GitHub Actions.
- Introduces a new job step to run the zizmor linter via a pinned commit.
- Complements the existing MegaLinter configuration in the workflow.
Comments suppressed due to low confidence (1)
.github/workflows/linting-formatting.yml:31
- [nitpick] Consider adding a brief comment explaining the purpose of the zizmor linter integration, similar to the comment provided for the oxsecurity MegaLinter entry. This clarification can help future maintainers understand its role in the workflow.
- uses: zizmorcore/zizmor-action@f52a838cfabf134edcbaa7c8b3677dde20045018 # v0.1.1
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
🦙 MegaLinter status:
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 18 | | 0 | 0 | 0.5s |
| ✅ DOCKERFILE | hadolint | 2 | | 0 | 0 | 0.9s |
| ✅ GHERKIN | gherkin-lint | 2 | | 0 | 0 | 1.03s |
| ✅ JSON | npm-package-json-lint | yes | | no | no | 0.4s |
| ✅ JSON | prettier | 16 | 1 | 0 | 0 | 0.49s |
| ✅ JSON | v8r | 16 | | 0 | 0 | 8.81s |
| ✅ MARKDOWN | markdownlint | 9 | 0 | 0 | 0 | 0.89s |
| ✅ MARKDOWN | markdown-table-formatter | 9 | 0 | 0 | 0 | 0.25s |
| ✅ REPOSITORY | checkov | yes | | no | no | 16.13s |
| ✅ REPOSITORY | gitleaks | yes | | no | no | 0.4s |
| ✅ REPOSITORY | git_diff | yes | | no | no | 0.01s |
| | grype | yes | | no | 2 | 23.17s |
| ✅ REPOSITORY | secretlint | yes | | no | no | 0.94s |
| ✅ REPOSITORY | syft | yes | | no | no | 1.84s |
| ✅ REPOSITORY | trivy | yes | | no | no | 6.8s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | no | 0.23s |
| ✅ REPOSITORY | trufflehog | yes | | no | no | 3.26s |
| ✅ SPELL | lychee | 63 | | 0 | 0 | 2.43s |
| ✅ YAML | prettier | 24 | 0 | 0 | 0 | 0.88s |
| ✅ YAML | v8r | 24 | | 0 | 0 | 5.61s |
| ✅ YAML | yamllint | 24 | | 0 | 0 | 0.72s |
See detailed report in MegaLinter reports
🎉 Hooray! The changes in this pull request went live with the release of v6.1.0 🎉




🚀 Hey, I have created a Pull Request
Description of changes
This PR extends the linter workflow with the zizmor 🌈 linter. Additionally, it implements the suggested improvements.
✔️ Checklist