Skip to content

Add Zizmor workflow security scanning#168

Merged
Agilulfo1820 merged 4 commits intomasterfrom
feature/add-zizmor-workflow
Nov 17, 2025
Merged

Add Zizmor workflow security scanning#168
Agilulfo1820 merged 4 commits intomasterfrom
feature/add-zizmor-workflow

Conversation

@Vombato
Copy link
Contributor

@Vombato Vombato commented Nov 17, 2025

Add Zizmor Workflow Security Scanning

This PR adds automated security scanning for GitHub Actions workflows using Zizmor.

Issue Resolved

  • Closes vechain/security#383

Changes

  • ✅ Added .github/workflows/scan-workflows.yaml workflow
  • 📝 Added workflow badge to README.md (committed locally, not pushed - for manual review)

Configuration

  • Persona: auditor
  • Min Severity: high
  • Min Confidence: high

@Vombato
Add Zizmor workflow security scanning
07d50e1 
- Add .github/workflows/scan-workflows.yaml with high severity/confidence settings
- Configure automated security scanning for GitHub Actions workflows

Closes vechain/security#383
@Vombato
Add Zizmor workflow badge to README.md
d9b7169
@Vombato
fix: permission at job level
9f4b3cc
@Vombato
doc: update README with zizmor badge
f92e900
@Vombato Vombato requested a review from Agilulfo1820 November 17, 2025 10:14
@Vombato Vombato marked this pull request as ready for review November 17, 2025 10:15
@Agilulfo1820 Agilulfo1820 merged commit 7202705 into master Nov 17, 2025
5 checks passed
@Agilulfo1820 Agilulfo1820 deleted the feature/add-zizmor-workflow branch November 17, 2025 11:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Agilulfo1820 Agilulfo1820 Agilulfo1820 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vombato @Agilulfo1820