From 17e70667036c2eae71a6d7536065a0fc30b86f5a Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:30:55 +0000 Subject: [PATCH 1/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/zizmor.yaml diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml new file mode 100644 index 0000000..f32bd3d --- /dev/null +++ b/.github/workflows/zizmor.yaml @@ -0,0 +1,25 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + runs-on: ubuntu-latest + permissions: + security-events: write + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 From 8b0322ee9481059c5741e13214b0f92587f51386 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:31:12 +0000 Subject: [PATCH 2/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From 8d9a2fac00bee8280736bdbd4d66375f546d0912 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:41:41 +0000 Subject: [PATCH 3/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index f32bd3d..7392142 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,8 +13,7 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -23,3 +22,7 @@ jobs: - name: Run zizmor 🌈 uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + with: + # intentionally not scanning the entire repository, + inputs: ./.github/ + advanced-security: From 566ea00ec487315332bed55b46afc40278f7e7b8 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:50:13 +0000 Subject: [PATCH 4/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 7392142..136c731 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -14,6 +14,9 @@ jobs: permissions: security-events: write # + contents: read # only needed for private or internal repos + actions: read # only needed for private or internal repos + # steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -25,4 +28,4 @@ jobs: with: # intentionally not scanning the entire repository, inputs: ./.github/ - advanced-security: + advanced-security: true From 5aa12337ea53e87d3f5cb66b21c8fffe9b0f70f8 Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 19:50:59 +0000 Subject: [PATCH 5/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli From 456c82c0463424c2446feb4d39f24ff769d11f9e Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Thu, 12 Mar 2026 20:28:19 +0000 Subject: [PATCH 6/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 136c731..e0b673b 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,10 +13,9 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - # contents: read # only needed for private or internal repos actions: read # only needed for private or internal repos - # + steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From 37bbd71f0d5f10beb57032d9d60be9998d366edf Mon Sep 17 00:00:00 2001 From: "updateclibot[bot]" <92153806+updateclibot[bot]@users.noreply.github.com> Date: Fri, 13 Mar 2026 07:19:11 +0000 Subject: [PATCH 7/7] chore(zizmor): install Zizmor gha action v0.5.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Made with ❤️️ by updatecli --- .github/workflows/zizmor.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index e0b673b..e5f6488 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -13,9 +13,6 @@ jobs: runs-on: ubuntu-latest permissions: security-events: write - contents: read # only needed for private or internal repos - actions: read # only needed for private or internal repos - steps: - name: Checkout repository uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2