Skip to content

Commit 48c814e

Browse files
swibi-ttdclaude
andcommitted
UID2-7011: add zizmor workflow-security scan (report-only)
Bare caller of the shared scan: severity floors inherit central defaults (report-only, High) and are overridable per-repo via ZIZMOR_* Actions variables. Part of the UID2-7011 org-wide rollout. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
1 parent 4cf6db7 commit 48c814e

1 file changed

Lines changed: 20 additions & 0 deletions

File tree

.github/workflows/zizmor.yaml

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
name: Zizmor Scan
2+
3+
on:
4+
pull_request:
5+
# Trigger when anything zizmor scans changes. The scan itself covers the
6+
# whole repo; if this repo keeps composite actions outside .github/, add
7+
# those paths so changes there don't slip through.
8+
paths:
9+
- '.github/**'
10+
workflow_dispatch:
11+
12+
permissions:
13+
contents: read
14+
15+
jobs:
16+
zizmor:
17+
# Bare call: severity floors inherit the shared workflow's central defaults
18+
# (report-only, High), so org-wide retunes are a single change in
19+
# uid2-shared-actions. See the zizmor section of its README.
20+
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3

0 commit comments

Comments
 (0)