From e91c8f34f58758758a9405783be7ab62086019e2 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:29:59 +0000 Subject: [PATCH 1/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/zizmor.yaml diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml new file mode 100644 index 00000000..f32bd3d0 --- /dev/null +++ b/.github/workflows/zizmor.yaml @@ -0,0 +1,25 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 From e415f7de515b3b8701aa7e7d8a23d4eac0319be3 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:30:08 +0000 Subject: [PATCH 2/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From dca225412bc48827a3aeae47821b2d4ed00c078c Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:40:57 +0000 Subject: [PATCH 3/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index f32bd3d0..73921426 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,8 +13,7 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -23,3 +22,7 @@ jobs: - name: Run zizmor 🌈 uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + with: + # intentionally not scanning the entire repository, + inputs: ./.github/ + advanced-security: From 4b184932bb416e8938884782614bbfdb5ee7a2fa Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:49:36 +0000 Subject: [PATCH 4/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 73921426..136c731f 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -14,6 +14,9 @@ jobs: permissions: security-events: write # + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -25,4 +28,4 @@ jobs: with: # intentionally not scanning the entire repository, inputs: ./.github/ - advanced-security: + advanced-security: true From 19d4c2aedc580b29fd19b6cf972df270b593a5b7 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:50:16 +0000 Subject: [PATCH 5/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From 1e9a79974337250a99cef3abe5e705759796924b Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 20:27:23 +0000 Subject: [PATCH 6/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 136c731f..e0b673b8 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,10 +13,9 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - # contents: read # only needed for private or internal repos actions: read # only needed for private or internal repos - # + steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From 53229cd83d8b84fced3b6963410e829853131064 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Fri, 13 Mar 2026 07:18:26 +0000 Subject: [PATCH 7/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index e0b673b8..e5f64886 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,9 +13,6 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos - steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2