
Add `zizmor` with pre-commit

Open • jbampton opened this issue 7 months ago • 2 comments

"zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups"

https://docs.zizmor.sh/

https://github.com/zizmorcore/zizmor

https://github.com/zizmorcore/zizmor-pre-commit

jbampton, Jun 05 '25 22:06

Hi @jbampton, is this issue available to be picked up?

Swastyy, Jul 08 '25 12:07

@Swastyy you can work on this if you can add a zizmor config file and the various audit rules and ignores and test locally with pre-commit.

We have docs on pre-commit here:

https://sedona.apache.org/latest-snapshot/setup/compile/#pre-commit

We have a PR for this but the developer was not able to implement the audit rules and ignores.

jbampton, Jul 08 '25 12:07
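For readers following this thread, the setup being asked for (a pre-commit hook plus a zizmor config file carrying per-audit ignores) has roughly the shape below. This is an added example, not part of the thread and not Sedona's actual configuration: the `rev` value, the workflow file names and the line numbers are constructed placeholders, and the choice of audits to ignore is an assumption for illustration.

```yaml
# ---- File 1: .pre-commit-config.yaml (add this entry to the existing repos list) ----
repos:
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
    # Placeholder: pin to a real release tag of zizmor-pre-commit.
    rev: <pinned-release-tag>
    hooks:
      - id: zizmor

# ---- File 2: zizmor.yml (repository root, or .github/zizmor.yml) ----
# Each key under `rules` is the name of a zizmor audit. An `ignore` entry
# suppresses findings of that audit for a whole workflow file, or for a
# specific line (file.yml:line) or line and column (file.yml:line:col).
# The file names and positions below are constructed examples.
rules:
  unpinned-uses:
    ignore:
      # Whole-file ignore: accepted risk, tracked separately.
      - example-docs-workflow.yml
  template-injection:
    ignore:
      # Single finding: the expression at this line was reviewed
      # and does not expand attacker-controlled input.
      - example-build-workflow.yml:42
  artipacked:
    ignore:
      # Line and column form, for one specific checkout step.
      - example-release-workflow.yml:17:9

# Local test, as requested in the thread:
#   pre-commit run zizmor --all-files
```

Keeping each ignore scoped to a file and line, with a comment giving the reason, keeps the suppression list reviewable and prevents a broad ignore from hiding new findings in the same workflow.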