Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add zizmor workflow security checker #71

Merged
merged 1 commit into from
Dec 18, 2024
Merged

Add zizmor workflow security checker #71

merged 1 commit into from
Dec 18, 2024

Conversation

Zeitsperre
Copy link

@Zeitsperre Zeitsperre commented Dec 17, 2024
edited
Loading

What kind of change does this PR introduce?

  • Adds the zizmor checker to pre-commit for performing security checks on GitHub Workflows
  • Disables persist-credentials on all workflows (this should be the default).
  • Performs some light code formatting.

Does this PR introduce a breaking change?

No.

Other information:

https://github.com/woodruffw/zizmor

The current pull_request_target workflows are insecure by design. There are ways of hardening these from attacks using reusable workflows. I'm looking into this at the moment.

@Zeitsperre Zeitsperre added the enhancement New feature or request label Dec 17, 2024
@Zeitsperre Zeitsperre requested a review from RondeauG December 17, 2024 16:33
@Zeitsperre Zeitsperre self-assigned this Dec 17, 2024
@Zeitsperre Zeitsperre merged commit 63f44fc into main Dec 18, 2024
8 checks passed
@Zeitsperre Zeitsperre deleted the zizmor branch December 18, 2024 19:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RondeauG RondeauG RondeauG approved these changes

Assignees

@Zeitsperre Zeitsperre

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Zeitsperre @RondeauG