
Use zizmor to audit GitHub Actions

Open notmandatory opened this issue 1 year ago • 3 comments

Describe the enhancement

We should audit GitHub Actions to make sure an attacker can't publish compromised bdk-ffi binaries.

See: https://discord.com/channels/753336465005608961/754077749282471937/1317184034010435625

Use case

See documentation for zizmor.

Additional context

See: https://github.com/bitcoindevkit/bdk/issues/1775.

notmandatory avatar Dec 14 '24 01:12 notmandatory

Hello @notmandatory, what's the progress status on the issue? I would like to work on it.

aagbotemi avatar Apr 02 '25 13:04 aagbotemi

Feel free to pick it up @aagbotemi!

thunderbiscuit avatar Apr 02 '25 13:04 thunderbiscuit

Alright.

aagbotemi avatar Apr 02 '25 20:04 aagbotemi