Github Actions -- zizmor #6954

dcampbell24 opened this issue Dec 12, 2024 · 6 comments
Comments

dcampbell24 (Contributor) commented Dec 12, 2024

I found out about this utility to check your GitHub Actions files for security flaws, and it complains about your files a lot.

cargo install zizmor
zizmor .github/workflows/*.yml
dcampbell24 changed the title from "zizmor" to "Github Actions -- zizmor" on Dec 12, 2024

sylvestre (Contributor) commented

Could you please share the output? :)

dcampbell24 (Contributor, Author) commented

There are 278 findings; how do I share that? It makes for a long file.

dcampbell24 (Contributor, Author) commented

Can you just install and run zizmor? It is a Rust project.

sylvestre (Contributor) commented

Sure.

dcampbell24 (Contributor, Author) commented

You may want to run it as zizmor --min-severity high .github/workflows/*.yml to start and work your way down from there, as there are a lot of errors and warnings.
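As an added illustration (not part of the issue thread, and not zizmor's own code) of what a workflow linter of this kind flags and how a severity floor like --min-severity works, the following script applies two simplified checks to a constructed workflow: actions referenced by tag rather than a commit SHA, and github.event.* expressions expanded directly inside a run: script. The severity ladder and the sample workflow are assumptions made for this example.

```python
import re

# Constructed sample workflow for this example (not a file from the repository).
# The 40-hex SHA below is a made-up placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request:
  issue_comment:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: echo "Comment: ${{ github.event.comment.body }}"
      - run: cargo test
"""

# Severity ladder assumed for this example (lowest to highest).
SEVERITIES = ["unknown", "informational", "low", "medium", "high"]

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)", re.MULTILINE)
SHA_PIN_RE = re.compile(r"@[0-9a-f]{40}$")
# Single-line `run:` steps only; block scalars (`run: |`) are not handled here.
RUN_RE = re.compile(r"^\s*-?\s*run:\s*(.+)$", re.MULTILINE)
UNTRUSTED_EXPR_RE = re.compile(r"\$\{\{\s*github\.event\.[^}]*\}\}")

def unpinned_uses(text):
    """Return `uses:` references that are not pinned to a full commit SHA."""
    return [u for u in USES_RE.findall(text) if not SHA_PIN_RE.search(u)]

def template_injections(text):
    """Return `run:` scripts that expand github.event.* (user-controlled data,
    e.g. issue titles or comment bodies) straight into the shell command.
    The fix is to pass the value through an `env:` variable instead."""
    return [r.strip() for r in RUN_RE.findall(text) if UNTRUSTED_EXPR_RE.search(r)]

def audit(text):
    """Collect (severity, message) findings for one workflow file."""
    findings = [("medium", f"unpinned action: {u}") for u in unpinned_uses(text)]
    findings += [("high", f"template injection: {r}") for r in template_injections(text)]
    return findings

def filter_min_severity(findings, minimum):
    """Keep only findings at or above `minimum`, like a --min-severity floor."""
    floor = SEVERITIES.index(minimum)
    return [f for f in findings if SEVERITIES.index(f[0]) >= floor]
```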

dcampbell24 (Contributor, Author) commented

I posted all of the errors via a pull request: #6968. Click on the Details of zizmor.
