[Ideas] Use zizmor to statically analyze the GitHub Actions files and fix them #841
Unanswered
yihong0618
asked this question in
Ideas / Feature Requests
Replies: 1 comment
-
@yihong0618 Hey buddy. I am very much interested in this tool. Let me take a look and get back to you.
-
Description
More and more attackers are using GitHub Actions to steal the token or attack other users, such as with mining scripts.
zizmor: https://woodruffw.github.io/zizmor/
For more, check the one-api issue or https://www.praetorian.com/blog/compromising-bytedances-rspack-github-actions-vulnerabilities/
We can use static checks to avoid them as much as we can.
Same request for opendal: apache/opendal#5502
What do you think, @edespino?
Use case/motivation
No response
Related issues
No response
Are you willing to submit a PR?