Commit 2475403
committed
Add zizmor static analysis to CI
Add zizmor workflow security scanner as a CI job to detect
common GitHub Actions misconfigurations and vulnerabilities.
Uses SARIF output for GitHub security tab integration.
A .github/zizmor.yml config allows ref-pinned refs for our
own posit-dev/images-shared/* composite actions while
requiring hash-pinning for all third-party actions.1 parent 0b281b1 commit 2475403
2 files changed
Lines changed: 22 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
32 | 33 | | |
33 | 34 | | |
34 | 35 | | |
35 | 36 | | |
| 37 | + | |
36 | 38 | | |
37 | 39 | | |
38 | 40 | | |
| |||
132 | 134 | | |
133 | 135 | | |
134 | 136 | | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
135 | 148 | | |
136 | 149 | | |
137 | 150 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
0 commit comments