-
Notifications
You must be signed in to change notification settings - Fork 0
30 lines (26 loc) · 879 Bytes
/
zizmor.yml
File metadata and controls
30 lines (26 loc) · 879 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
name: GitHub Actions Security Analysis with zizmor
# Note: on key treated as boolean key by YAML
# https://github.com/adrienverge/yamllint/issues/158#issuecomment-454313233
# However, GitHub Actions documentation is consistent in using it unquoted.
on: # yamllint disable-line rule:truthy
push:
branches: ['main']
pull_request:
branches: ['**']
schedule:
# Run once a month (at 8:40 AM UTC) to check for exogenous breakage.
- cron: '40 8 2 * *'
workflow_dispatch: {}
permissions: {}
jobs:
zizmor:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2