Skip to content

Commit b6d9f92

Browse files
swibi-ttdclaude
andcommitted
UID2-7011: add zizmor workflow-security scan (report-only)
Bare caller of the shared scan: severity floors inherit central defaults (report-only, High) and are overridable per-repo via ZIZMOR_* Actions variables. Part of the UID2-7011 org-wide rollout. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1 parent f668eb1 commit b6d9f92

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

.github/workflows/zizmor.yaml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
name: Zizmor Scan
2+
3+
on:
4+
pull_request:
5+
# Must cover everywhere scannable files live; the scan covers the whole repo.
6+
paths:
7+
- '.github/**'
8+
workflow_dispatch:
9+
10+
permissions:
11+
contents: read
12+
13+
jobs:
14+
zizmor:
15+
# Bare call: severity floors come from the shared workflow's defaults.
16+
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3

0 commit comments

Comments
 (0)