@@ -112,6 +112,34 @@ jobs:
112112 env:
113113 SEMGREP_RULES: p/default
114114
115+ zizmor :
116+ name : zizmor
117+ runs-on : ubuntu-24.04
118+ permissions :
119+ security-events : write
120+ # required for workflows in private repositories
121+ contents : read
122+ actions : read
123+ steps :
124+ - name : Checkout repository
125+ uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
126+ with :
127+ persist-credentials : false
128+
129+ - name : Install the latest version of uv
130+ uses : astral-sh/setup-uv@v5
131+
132+ - name : Run zizmor 🌈
133+ run : uvx zizmor --format sarif . > results.sarif
134+ env :
135+ GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
136+
137+ - name : Upload SARIF file
138+ uses : github/codeql-action/upload-sarif@v3
139+ with :
140+ sarif_file : results.sarif
141+ category : zizmor
142+
115143 complete :
116144 name : Static Analysis (complete)
117145 needs :
@@ -121,6 +149,7 @@ jobs:
121149 - ' semgrep'
122150 - ' dd-software-composition-analysis'
123151 - ' dd-static-analysis'
152+ - ' zizmor'
124153 runs-on : ubuntu-24.04
125154 steps :
126155 - run : echo "Done"
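Review bot: The `Install the latest version of uv` and `Upload SARIF file` steps reference `astral-sh/setup-uv@v5` and `github/codeql-action/upload-sarif@v3` by mutable tag, while the checkout step in the same job is pinned to a full commit SHA. A moved tag would run changed action code in a job that holds `security-events: write`, so both should be pinned the same way, e.g. `uses: astral-sh/setup-uv@<full-commit-sha> # v5` (placeholder; resolve the SHA from the reviewed release). The `Run zizmor` step has the same gap: `uvx zizmor` resolves whichever release is current at run time and runs it with `GH_TOKEN` in its environment, so pinning it as `uvx zizmor@<pinned-version>` keeps the scan reproducible and limits execution to a reviewed release.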