From 7a0f686f6e770d3431cf8b7a0ccb29eec2c46c5f Mon Sep 17 00:00:00 2001 From: Minsu Lee <1964421+amondnet@users.noreply.github.com> Date: Sun, 5 Jul 2026 18:56:34 +0900 Subject: [PATCH] ci: add zizmor workflow security analysis --- .github/workflows/zizmor.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/zizmor.yml diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000..fff6cf0 --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,21 @@ +name: zizmor + +on: + push: + branches: [main] + pull_request: + +permissions: {} + +jobs: + zizmor: + runs-on: ubuntu-latest + permissions: + contents: read + actions: read + security-events: write # SARIF upload to code scanning + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + - uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7