Skip to content

UID2-7011: add zizmor workflow-security scan (report-only) #1

UID2-7011: add zizmor workflow-security scan (report-only)

UID2-7011: add zizmor workflow-security scan (report-only) #1

Workflow file for this run

name: Zizmor Scan
on:
pull_request:
# Trigger when anything zizmor scans changes. The scan itself covers the
# whole repo; if this repo keeps composite actions outside .github/, add
# those paths so changes there don't slip through.
paths:
- '.github/**'
workflow_dispatch:
permissions:
contents: read
jobs:
zizmor:
# Bare call: severity floors inherit the shared workflow's central defaults
# (report-only, High) and can be overridden per-repo via the
# ZIZMOR_MIN_SEVERITY / ZIZMOR_FAIL_SEVERITY Actions variables — no PR
# needed. See the zizmor section of the uid2-shared-actions README.
uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3