[Ideas] Use zizmor to statically analyze the GitHub Actions files and fix them #841
Replies: 1 comment
@yihong0618 Hey buddy. I am very much interested in this tool. Let me take a look and get back to you.
Description
More and more attackers are using GitHub Actions to steal the token or attack other users, such as with mining scripts.
zizmor: https://woodruffw.github.io/zizmor/
For more, see the one-api issue or https://www.praetorian.com/blog/compromising-bytedances-rspack-github-actions-vulnerabilities/
We can use static checks to avoid them as much as we can.
Same request for opendal: apache/opendal#5502
What do you think, @edespino?
Use case/motivation
No response
Related issues
No response
Are you willing to submit a PR?