
chore(deps): update to vworkflows-maintenance-auto-approve-renovate-v… #55

Workflow file for this run

# Static analysis of this repository's GitHub Actions workflows with zizmor.
name: Security

on:
  push:
    branches:
      - 'main'
  pull_request:
    branches:
      - '**'

# One run per workflow and ref: a newer push to the same ref cancels the scan
# that is still in flight for the older commit.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Workflow-level default is an empty permission set; each job has to opt in to
# the GITHUB_TOKEN scopes it needs.
permissions: {}

jobs:
  zizmor:
    name: Zizmor
    runs-on: ubuntu-latest
    permissions:
      contents: read # to fetch code
      actions: read # to read action configurations
      # NOTE(review): pull requests from forks run with a read-only token, so
      # the SARIF upload is presumably skipped or fails there; confirm.
      security-events: write # to upload SARIF results
    steps:
      # Runs first so the egress policy is in place before any other step.
      # Outbound connections to hosts not listed below are blocked.
      - name: Harden Runner
        # Third-party actions are pinned to a full commit SHA; the trailing
        # comment records the release that SHA is expected to match.
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            ghcr.io:443
            github.com:443
            pkg-containers.githubusercontent.com:443

      - name: Checkout
        # NOTE(review): the comment names only the major tag; confirm the SHA
        # against the exact release being tracked.
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
        with:
          # Do not leave the job token in the checked-out repo's git config.
          persist-credentials: false

      - name: Run Zizmor
        uses: zizmorcore/zizmor-action@135698455da5c3b3e55f73f4419e481ab68cdd95 # v0.4.1
        with:
          # Stricter than the default persona: also reports lower-severity,
          # code-smell style findings.
          persona: pedantic