UID2-7011: add zizmor workflow-security scan (report-only) #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Zizmor Scan | |
| on: | |
| pull_request: | |
| # Trigger when anything zizmor scans changes. The scan itself covers the | |
| # whole repo; if this repo keeps composite actions outside .github/, add | |
| # those paths so changes there don't slip through. | |
| paths: | |
| - '.github/**' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| zizmor: | |
| # Bare call: severity floors inherit the shared workflow's central defaults | |
| # (report-only, High) and can be overridden per-repo via the | |
| # ZIZMOR_MIN_SEVERITY / ZIZMOR_FAIL_SEVERITY Actions variables — no PR | |
| # needed. See the zizmor section of the uid2-shared-actions README. | |
| uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3 |