
Run zizmor for static analysis of .github/workflows/#2301

Merged: vitaliyf merged 1 commit into main from vitaliyf/zizmor-gha-workflows on Jul 2, 2025

Conversation

@vitaliyf (Contributor) commented Jul 2, 2025

@vitaliyf vitaliyf requested a review from a team July 2, 2025 15:21
@vitaliyf vitaliyf self-assigned this Jul 2, 2025
@vitaliyf vitaliyf requested a review from a team as a code owner July 2, 2025 15:21
@github-actions bot (Contributor) commented Jul 2, 2025

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci-gha-workflows.yaml

Package                  | Version                                  | License | Issue Type
zizmorcore/zizmor-action | f52a838cfabf134edcbaa7c8b3677dde20045018 | Null    | Unknown License

OpenSSF Scorecard

Package                          | Version                                  | Score   | Details
actions/actions/checkout         | 4.*.*                                    | 🟢 5.2  | see checks below
actions/zizmorcore/zizmor-action | f52a838cfabf134edcbaa7c8b3677dde20045018 | Unknown | Unknown

Details for actions/actions/checkout:

Check               | Score  | Reason
Binary-Artifacts    | 🟢 10  | no binaries found in the repo
Maintained          | ⚠️ 0   | 1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Dangerous-Workflow  | 🟢 10  | no dangerous workflow patterns detected
Code-Review         | 🟢 10  | all changesets reviewed
Token-Permissions   | ⚠️ 0   | detected GitHub workflow tokens with excessive permissions
CII-Best-Practices  | ⚠️ 0   | no effort to earn an OpenSSF best practices badge detected
Fuzzing             | ⚠️ 0   | project is not fuzzed
License             | 🟢 10  | license file detected
Packaging           | ⚠️ -1  | packaging workflow not detected
Signed-Releases     | ⚠️ -1  | no releases found
Pinned-Dependencies | 🟢 3   | dependency not pinned by hash detected -- score normalized to 3
Security-Policy     | 🟢 9   | security policy file detected
Branch-Protection   | ⚠️ -1  | internal error: error during GetBranch(releases/v2): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration
SAST                | 🟢 9   | SAST tool detected but not run on all commits
Vulnerabilities     | ⚠️ 0   | 10 existing vulnerabilities detected

Scanned Files

  • .github/workflows/ci-gha-workflows.yaml

@vitaliyf vitaliyf force-pushed the vitaliyf/zizmor-gha-workflows branch from 4637526 to 7c0b93f on July 2, 2025 15:22

@github-advanced-security commented:

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@fractalwrench fractalwrench (Member) left a comment:

LGTM

@vitaliyf vitaliyf merged commit 9f8c1de into main Jul 2, 2025
13 checks passed
@vitaliyf vitaliyf deleted the vitaliyf/zizmor-gha-workflows branch July 2, 2025 17:07