Add Static Security Analysis of GitHub Actions Workflows#4606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Merged

Bibo-Joshi merged 7 commits intomasterfromzizmor

Dec 13, 2024

Merged

Add Static Security Analysis of GitHub Actions Workflows#4606

Bibo-Joshi merged 7 commits intomasterfromzizmor

Dec 13, 2024

Conversation

Copy link

Member

Bibo-Joshi commentedDec 13, 2024•
edited
Loading

Inspired by

Edit:

I tested that the modified pypi release workflows still work correctly
I decided to set up a workflow for this instead of using pre-commit because
1. this enables to use theonline audits
2. workflows are rarely updated so that adding a pre-commit hook for that seems like an unnecessary additional install step on local end to me
As far as I see, dependabot is able to update actions that are pinned with a sha

Add Static Security Analysis of GitHub Actions Workflows

c37d66f

Bibo-Joshi added ⚙️ security

affected functionality: security

🔗 github-actions

related technology: github-actions

⚙️ ci-cidaffected functionality: ci-cid labels

Dec 13, 2024

Copy link

github-advanced-securitybot commentedDec 13, 2024

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear onthis overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check outthe documentation.