Skip to content

ci(zizmor): enforce high/high GitHub Actions security gate#6

Open
netram-netizen wants to merge 1 commit into
mainfrom
security/enforce-zizmor
Open

ci(zizmor): enforce high/high GitHub Actions security gate#6
netram-netizen wants to merge 1 commit into
mainfrom
security/enforce-zizmor

Conversation

@netram-netizen

Copy link
Copy Markdown

Adds the org-standard zizmor.yml workflow, gating GitHub Actions security findings at high severity / high confidence (per policies/zizmor.md).

  • Runs on PRs (all branches) and push to the default branch.
  • advanced-security: false → a high/high finding fails the check (fail-closed).
  • Action steps SHA-pinned; least-privilege permissions.

Opened as draft: local offline scans are clean at high/high, but this workflow run also executes the online audits (known-vulnerable-actions, impostor-commit, ref-confusion, stale-action-refs). Will be marked ready once the check passes.

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@netram-netizen netram-netizen marked this pull request as ready for review July 13, 2026 09:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant