New Features 🌈🔗 New audit: undocumented-permissions detects explicit permission grants that lack an explanatory comment (#1131) Many thanks to @johnbillion for proposing and implementing this aud...
This is a huge new release, with multiple new features, enhancements, and bugfixes! New Features 🌈🔗 New audit: anonymous-definition detects unnamed workflows and actions. Definitions without a na...
New Features 🌈🔗 New audit: unsound-condition detects if: conditions that inadvertently always evaluate to true (#1053) Enhancements 🌱🔗 The cache-poisoning audit now supports auto-fixes for many ...
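The unsound-condition audit in that release targets a GitHub Actions gotcha: an `if:` value is evaluated as an expression only when it contains no `${{ }}` at all or consists of exactly one `${{ ... }}`; anything else is rendered as a template string, and a non-empty string is truthy. A YAML literal block scalar (`if: |`) keeps its trailing line break, so `${{ expr }}\n` renders to `"true\n"` or `"false\n"` and the step runs every time. The following is an added example, not zizmor's own code: a small Python check over constructed `if:` values, plus a deliberately simplified model of the runner's decision. The sample conditions and the `classify`, `is_unsound`, `simulate` and `audit` names are this example's own, and the model assumes every embedded expression evaluates to the same value.

```python
import re

# Regular expressions for the `${{ ... }}` expression syntax of GitHub Actions.
EXPR = re.compile(r"\$\{\{.*?\}\}", re.DOTALL)        # one embedded expression
SINGLE_EXPR = re.compile(r"\$\{\{.*\}\}", re.DOTALL)  # the whole value is one expression

# Constructed `if:` values, written as a YAML parser hands them to the runner
# (illustrative only, not taken from any real workflow). Each comment shows the YAML.
CONDITIONS = {
    # if: github.event_name == 'push'
    "bare": "github.event_name == 'push'",
    # if: ${{ github.event_name == 'push' }}
    "wrapped": "${{ github.event_name == 'push' }}",
    # if: |
    #   ${{ github.event_name == 'push' }}
    # The literal block scalar keeps its final line break.
    "block_scalar": "${{ github.event_name == 'push' }}\n",
    # if: "${{ github.event_name == 'push' }} and ${{ !github.event.pull_request.draft }}"
    "template": "${{ github.event_name == 'push' }} and ${{ !github.event.pull_request.draft }}",
    # if: |-
    #   ${{ github.event_name == 'push' }}
    # The `-` chomping indicator strips the final line break.
    "block_scalar_stripped": "${{ github.event_name == 'push' }}",
}


def classify(value: str) -> str:
    """How the runner treats an `if:` value.

    No `${{` at all: the whole string is wrapped in `${{ }}` and evaluated as one
    expression. Exactly one `${{ ... }}` and nothing else: evaluated as that
    expression, keeping its boolean result. Anything else: template interpolation,
    whose result is a string.
    """
    if "${{" not in value:
        return "expression"
    if value.count("${{") == 1 and SINGLE_EXPR.fullmatch(value):
        return "expression"
    return "string"


def literal_text(value: str) -> str:
    """Characters of the value that sit outside every `${{ ... }}`."""
    return EXPR.sub("", value)


def is_unsound(value: str) -> bool:
    """True when the condition can never be false.

    An interpolated condition is a string, and a non-empty string is truthy. If any
    literal text survives outside the expressions (a trailing newline counts), the
    rendered string is non-empty no matter what the expressions evaluate to.
    """
    return classify(value) == "string" and literal_text(value) != ""


def simulate(value: str, expr_result: bool) -> bool:
    """Simplified model of the runner's decision (assumption: every `${{ ... }}`
    in the value evaluates to `expr_result`). An expression result is used as-is;
    an interpolated string counts as true when it is non-empty."""
    if classify(value) == "expression":
        return expr_result
    rendered = EXPR.sub(str(expr_result).lower(), value)
    return rendered != ""


def audit(conditions: dict[str, str]) -> dict[str, str]:
    """One finding per unsound condition, keyed by the condition's name."""
    findings = {}
    for name, value in conditions.items():
        if is_unsound(value):
            findings[name] = (
                "always true: interpolated as a string with literal text "
                f"{literal_text(value)!r} outside the expression"
            )
    return findings


if __name__ == "__main__":
    for name, message in audit(CONDITIONS).items():
        print(f"{name}: {message}")
    # The block scalar runs the step even though the expression is false.
    print(simulate(CONDITIONS["block_scalar"], False))  # True
    print(simulate(CONDITIONS["wrapped"], False))       # False
```

The remedy that follows from the check is a YAML matter rather than a zizmor-specific one: write the condition as a plain scalar (`if: ${{ ... }}` or the bare expression), or, when it must span several lines, use a block scalar with the `-` chomping indicator (`|-` or `>-`) so no trailing line break is left outside the expression.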
In order to harden our infrastructure and pipelines, we have introduced the open source tool Zizmor into our CI/CD pipelines.
zizmorcore/zizmor: Static analysis for GitHub Actions.
A comprehensive guide to securing your Python dependencies from ingestion to deployment, covering linting, pinning, vulnerability scanning, SBOMs, and attestations
A survey of dependency cooldown support across package managers and update tools.
Run zizmor from GitHub Actions 🌈
Insights and guidance from our engineering team on how Astral secures its tools.