
UID2-7011: add zizmor workflow-security scan (report-only)#149

Open
swibi-ttd wants to merge 1 commit into main from swi-UID2-7011-zizmor-scan

Conversation

swibi-ttd (Contributor) commented Jul 3, 2026

Adds the zizmor GitHub Actions security scan (UID2-7011) as a report-only check: it blocks nothing and shows findings (High severity and above) in the job summary when workflow files change.

The caller is deliberately bare — severity floors inherit the shared workflow's central defaults, so org-wide retunes are a single change in uid2-shared-actions rather than per-repo PRs. See the zizmor section of the uid2-shared-actions README.

Part of the org-wide rollout tracked in UID2-7011; gating comes later, after existing High findings are fixed.

🤖 Generated with Claude Code
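As an added illustration of the arrangement the description outlines, and not code from this PR or from uid2-shared-actions: a bare caller and a minimal shared workflow, shown as two files in one block separated by a YAML document marker. The shared workflow's path and tag, the `ZIZMOR_MIN_SEVERITY` / `ZIZMOR_MIN_CONFIDENCE` variable names, and the `high` / `medium` defaults are assumptions (the page only says floors default centrally and are overridable via `ZIZMOR_*` Actions variables); the zizmor flags used (`--min-severity`, `--min-confidence`, `--no-exit-codes`, `--no-online-audits`, `--format plain`) are the tool's own.

```yaml
# Hypothetical caller, e.g. .github/workflows/zizmor-scan.yaml in this repo.
# "Bare": no `with:` block, so the severity/confidence floors come from the
# shared workflow's defaults unless this repo sets ZIZMOR_* Actions variables.
name: zizmor-scan

on:
  pull_request:
    paths:
      - ".github/workflows/**"   # only run when workflow files change

permissions: {}                  # default-deny; the job asks for what it needs

jobs:
  zizmor:
    # Path and tag are assumptions; take the real reference from the
    # zizmor section of the uid2-shared-actions README.
    uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-zizmor-scan.yaml@v3
    permissions:
      contents: read

---
# Hypothetical shared workflow, e.g. .github/workflows/shared-zizmor-scan.yaml
# in uid2-shared-actions. The central defaults live here, so retuning them is
# one change for every caller instead of a PR per repo.
name: shared-zizmor-scan

on:
  workflow_call:

permissions: {}

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    env:
      # `vars` resolves against the calling repository, so a repo can raise or
      # lower the floors with Actions variables (names assumed) without editing
      # its caller file. An unset variable falls through to the central default.
      ZIZMOR_MIN_SEVERITY: ${{ vars.ZIZMOR_MIN_SEVERITY || 'high' }}
      ZIZMOR_MIN_CONFIDENCE: ${{ vars.ZIZMOR_MIN_CONFIDENCE || 'medium' }}
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; zizmor's own artipacked
          # audit would otherwise flag this very workflow.
          persist-credentials: false

      - name: Install zizmor
        run: pipx install zizmor

      - name: Scan workflows (report-only)
        run: |
          # --no-exit-codes keeps the step green whatever is found, which is
          # what makes this report-only. Removing it turns the scan into a gate:
          # zizmor then exits non-zero when findings at or above the floor exist.
          zizmor --no-online-audits --no-exit-codes \
                 --min-severity "$ZIZMOR_MIN_SEVERITY" \
                 --min-confidence "$ZIZMOR_MIN_CONFIDENCE" \
                 --format plain .github/workflows | tee zizmor.txt
          # Surface the findings in the job summary; tilde fences avoid
          # clashing with backticks in finding text.
          {
            echo "## zizmor findings (floor: $ZIZMOR_MIN_SEVERITY / $ZIZMOR_MIN_CONFIDENCE)"
            echo '~~~'
            cat zizmor.txt
            echo '~~~'
          } >> "$GITHUB_STEP_SUMMARY"
```

Because the floors are read from `vars` rather than passed as `with:` inputs, the caller stays identical across repositories; a repo that wants to see Medium findings during cleanup sets `ZIZMOR_MIN_SEVERITY=medium` in its Actions variables and nothing else changes.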

swibi-ttd force-pushed the swi-UID2-7011-zizmor-scan branch from 33e8c2c to 7b0210d on July 3, 2026 04:27
Bare caller of the shared scan: severity floors inherit central defaults
(report-only, High) and are overridable per-repo via ZIZMOR_* Actions
variables. Part of the UID2-7011 org-wide rollout.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
swibi-ttd force-pushed the swi-UID2-7011-zizmor-scan branch from 7b0210d to b6d9f92 on July 3, 2026 04:32