From e3901320f256faabb7990a6663bf0c773dd37102 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:30:27 +0000 Subject: [PATCH 1/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/zizmor.yaml diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml new file mode 100644 index 0000000..f32bd3d --- /dev/null +++ b/.github/workflows/zizmor.yaml @@ -0,0 +1,25 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 From 925168726afcd2bb82e9d01e783142300c62a4b2 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:30:40 +0000 Subject: [PATCH 2/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From 3b3a39a09646ef9b98b49eb95db32690b487175e Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:41:21 +0000 Subject: [PATCH 3/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index f32bd3d..7392142 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,8 +13,7 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -23,3 +22,7 @@ jobs: - name: Run zizmor 🌈 uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + with: + # intentionally not scanning the entire repository, + inputs: ./.github/ + advanced-security: From 82a47d0c3f5e278c4a83c8019f1207b75510843e Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:49:55 +0000 Subject: [PATCH 4/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 7392142..136c731 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -14,6 +14,9 @@ jobs: permissions: security-events: write # + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -25,4 +28,4 @@ jobs: with: # intentionally not scanning the entire repository, inputs: ./.github/ - advanced-security: + advanced-security: true From 05bf843389f3a9ffe15d579a66cb9b06e4c40825 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:50:38 +0000 Subject: [PATCH 5/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From d649ebf3a60580936cb3fc9812f7b6c115dc3100 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 20:27:53 +0000 Subject: [PATCH 6/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 136c731..e0b673b 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,10 +13,9 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - # contents: read # only needed for private or internal repos actions: read # only needed for private or internal repos - # + steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From 4cb32d59c6634c8aeaa3d695061f458223763993 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Fri, 13 Mar 2026 07:18:49 +0000 Subject: [PATCH 7/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index e0b673b..e5f6488 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,9 +13,6 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos - steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2