Skip to content

Scaffold Zizmor GitHub action workflow#27

Closed
updateclibot[bot] wants to merge 0 commit intomainfrom
updatecli_main_scaffold_zizmor
Closed

Scaffold Zizmor GitHub action workflow#27
updateclibot[bot] wants to merge 0 commit intomainfrom
updatecli_main_scaffold_zizmor

Conversation

@updateclibot
Copy link
Contributor

@updateclibot updateclibot bot commented Mar 12, 2026

This PR was automatically created by Updatecli to set up a Zizmor GitHub Action workflow for security scanning.
Zizmor is a static analysis tool that identifies misconfigurations in GitHub Actions workflows. This workflow will only be created if no existing Zizmor configurations were detected. Updatecli is a tool to automate configuration update across git repositories. It can be used to manage and maintain your infrastructure as code, including GitHub Actions workflows.
For more information:

Scaffold Zizmor GitHub action workflow

install Zizmor gha action v0.5.2

1 file(s) updated with "name: GitHub Actions Security Analysis with zizmor 🌈\n\non:\n push:\n branches: [\"main\"]\n pull_request:\n branches: [\"**\"]\n\npermissions: {}\n\njobs:\n zizmor:\n runs-on: ubuntu-latest\n permissions:\n security-events: write\n contents: read # only needed for private or internal repos\n actions: read # only needed for private or internal repos\n steps:\n - name: Checkout repository\n uses: actions/checkout@de0fac2 # v6.0.2\n with:\n persist-credentials: false\n\n - name: Run zizmor 🌈\n uses: zizmorcore/zizmor-action@71321a2 # v0.5.2\n": * .github/workflows/zizmor.yaml

GitHub Action workflow link
Updatecli logo

Created automatically by Updatecli

Options:

Most of Updatecli configuration is done via its manifest(s).

  • If you close this pull request, Updatecli will automatically reopen it, the next time it runs.
  • If you close this pull request and delete the base branch, Updatecli will automatically recreate it, erasing all previous commits made.

Feel free to report any issues at github.com/updatecli/updatecli.
If you find this tool useful, do not hesitate to star our GitHub repository as a sign of appreciation, and/or to tell us directly on our chat!

@updateclibot updateclibot bot added the chore label Mar 12, 2026
@github-advanced-security
Copy link

github-advanced-security bot commented Mar 12, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@updateclibot updateclibot bot closed this Mar 12, 2026
@updateclibot updateclibot bot force-pushed the updatecli_main_scaffold_zizmor branch from 62925e5 to ff85a51 Compare March 12, 2026 17:00
@updateclibot updateclibot bot deleted the updatecli_main_scaffold_zizmor branch March 12, 2026 17:01
@updateclibot updateclibot bot restored the updatecli_main_scaffold_zizmor branch March 12, 2026 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

chore

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants