
UID2-7011: add zizmor workflow-security scan (report-only) #2634

Status: Open. swibi-ttd wants to merge 1 commit into main from swi-UID2-7011-zizmor-scan


Conversation

swibi-ttd (Contributor) commented Jul 3, 2026

Adds the zizmor GitHub Actions security scan (UID2-7011) as a report-only check: it blocks nothing and shows findings (High severity and above) in the job summary when workflow files change.

The caller is deliberately bare — severity floors inherit the shared workflow's central defaults, so org-wide retunes are a single change in uid2-shared-actions rather than per-repo PRs. See the zizmor section of the uid2-shared-actions README.

Part of the org-wide rollout tracked in UID2-7011; gating comes later, after existing High findings are fixed.

🤖 Generated with Claude Code
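The bare caller described above, written out as an added example for illustration; this is not the PR's own workflow file. The owning org, the reusable workflow's filename (`zizmor.yml`) and the `@main` ref are placeholders, since the page names only the uid2-shared-actions repository; the path filter, the absence of inputs and the read-only permissions are the behaviour the description states.

```yaml
# Added example caller workflow (not the PR's own file). The org name,
# the reusable workflow filename and the ref are placeholders.
name: zizmor workflow-security scan

on:
  pull_request:
    paths:
      - ".github/workflows/**"   # only run when workflow files change

# Least privilege: the scan reads the checkout and writes the job summary,
# which needs no extra permission; nothing else is granted.
permissions:
  contents: read

jobs:
  zizmor:
    # No `with:` inputs are passed on purpose: the severity floor
    # (report-only, High and above) inherits the shared workflow's central
    # defaults and can be overridden per repo through ZIZMOR_* Actions
    # variables, so org-wide retunes happen once in uid2-shared-actions.
    uses: ORG-PLACEHOLDER/uid2-shared-actions/.github/workflows/zizmor.yml@main
```

One caveat for the later gating step: a workflow restricted with `paths:` does not run at all on PRs that touch no workflow file, so if its job is ever made a required status check, GitHub will leave that check pending ("Expected") on such PRs and block the merge. Before turning the check into a gate, either drop the path filter or skip the job inside the workflow instead of at the trigger.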

swibi-ttd force-pushed the swi-UID2-7011-zizmor-scan branch from c9c1945 to 91990ae on July 3, 2026 04:25. Commit message:
Bare caller of the shared scan: severity floors inherit central defaults
(report-only, High) and are overridable per-repo via ZIZMOR_* Actions
variables. Part of the UID2-7011 org-wide rollout.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
swibi-ttd force-pushed the swi-UID2-7011-zizmor-scan branch from 91990ae to 04ce07a on July 3, 2026 04:31.