UID2-7011: add zizmor workflow-security scan (report-only) #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Zizmor Scan | |
| on: | |
| pull_request: | |
| # Trigger when anything zizmor scans changes. The scan itself covers the | |
| # whole repo; if this repo keeps composite actions outside .github/, add | |
| # those paths so changes there don't slip through. | |
| paths: | |
| - '.github/**' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| zizmor: | |
| # Bare call: severity floors inherit the shared workflow's central defaults | |
| # (report-only, High), so org-wide retunes are a single change in | |
| # uid2-shared-actions. See the zizmor section of its README. | |
| uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3 |