lmstudio-ai / venvstacks

Virtual environment stacks for Python
https://lmstudio-ai.github.io/venvstacks/
MIT License

Scan GitHub workflows with zizmor #50

Closed ncoghlan closed 23 hours ago

ncoghlan commented 2 days ago

Static security analysis tool for GitHub action configs: https://github.com/woodruffw/zizmor

(discovered via one of the other Python core developers running it on the CPython repo and reporting the results)

ncoghlan commented 2 days ago

#51 addresses the initial scan result, but keeping this issue open as any change to the workflows should automatically re-run the scan and upload the SARIF results.

ncoghlan commented 2 days ago

#51 has been updated to also include an automated scan (as per https://github.com/woodruffw/zizmor/issues/69)
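The automated scan described in the two comments above (re-run on any workflow change, SARIF results uploaded to code scanning), as an added example workflow that is not the contents of #51 or of the venvstacks repository. The action versions, the uv-based install of zizmor from PyPI, and the `paths` filter are assumptions.

```yaml
# Added example, not the project's own workflow: run zizmor on this
# repository's GitHub Actions configs and upload the SARIF report.
name: zizmor

on:
  push:
    branches: ["main"]
    paths: [".github/workflows/**"]   # assumed: re-scan whenever a workflow changes
  pull_request:
    paths: [".github/workflows/**"]

# Least privilege: the default token only needs to read the repo and
# write code-scanning results for the SARIF upload step.
permissions:
  contents: read
  security-events: write

jobs:
  zizmor:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4   # version is an assumption
        with:
          # zizmor itself flags checkouts that leave the token on disk
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v3   # version is an assumption

      - name: Run zizmor
        # SARIF output so the findings appear in the Security tab.
        run: uvx zizmor --format sarif . > results.sarif
        env:
          # Token lets zizmor resolve action refs for its online audits.
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@v3   # version is an assumption
        with:
          sarif_file: results.sarif
          category: zizmor
```

The `security-events: write` permission and the upload step are only useful once code scanning is available for the repository, which is why a private, unpublished repository cannot fully verify this job.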

ncoghlan commented 2 days ago

While #51 mostly implemented this CI feature, it can only be fully resolved once the repository has been published: