Data

Tools

Indexes

Applications

Experiments

Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / woodruffw/zizmor issues and pull requests

#771 - chore(docs): more social links

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#770 - chore(docs): change URL

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#769 - chore: switch to docs.zizmor.sh

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore

#768 - chore: prep for v1.7.0 release

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore

#767 - chore(docs): update release notes

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#766 - Feature: Figure out how to detect immutable actions

Issue - State: open - Opened by woodruffw 3 months ago
Labels: blocked

#765 - feat: tab completion

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: enhancement

#764 - Feature: reduce GitHub REST API usage in favor of clones?

Issue - State: open - Opened by woodruffw 3 months ago
Labels: performance

#763 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#762 - Feature: `obfuscation` audit should check for computed indices

Issue - State: open - Opened by woodruffw 3 months ago
Labels: enhancement

#761 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#760 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#759 - chore(docs): mention @zizmorcore plans

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#758 - Move zizmor to its own GitHub org

Issue - State: open - Opened by woodruffw 3 months ago - 5 comments
Labels: chore

#757 - chore(docs): add Discord badge to README and docs

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#756 - PSA: Official Discord server!

Issue - State: open - Opened by woodruffw 3 months ago

#755 - [BUG] False positive detection for artipacked when `persist-credentials: false` is properly set

Issue - State: open - Opened by woodruffw 3 months ago - 2 comments
Labels: bug, triage

#753 - chore: cleanup

Pull Request - State: closed - Opened by woodruffw 3 months ago

#752 - refactor: remove old repo matching APIs

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: refactor

#751 - chore(docs): document repository patterns better

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#750 - feat: extend RepositoryUsesPattern to allow exact ref patterns

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: enhancement

#748 - feat: handle reducible index subexpressions

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: enhancement, refactor

#747 - chore(deps): bump the github-actions group with 3 updates

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#746 - Feature: wrong value in ternary pattern

Issue - State: open - Opened by daeho-ro 3 months ago - 2 comments
Labels: enhancement

#745 - [WIP] experiment with extracting contexts from webhook schemata

Pull Request - State: open - Opened by woodruffw 3 months ago
Labels: enhancement

#744 - chore: remove old TODO comment

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore

#743 - feat: extend template injection audit & use CodeQL models

Pull Request - State: open - Opened by Marcono1234 3 months ago - 1 comment

#742 - Feature: detect no-op conditions

Issue - State: open - Opened by woodruffw 3 months ago
Labels: enhancement, help wanted

#741 - docs: alpha sort audit doc contents by audit name

Pull Request - State: closed - Opened by trumant 3 months ago
Labels: documentation

#740 - feat: emit pedantic finding for tagged OCI images

Pull Request - State: closed - Opened by trumant 3 months ago - 1 comment
Labels: enhancement

#739 - chore(docs): put examples in example blocks

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#738 - Feature: `unpinned-images` could discover `docker pull ...` patterns in `run:` clauses

Issue - State: open - Opened by woodruffw 3 months ago - 1 comment
Labels: enhancement

#737 - Feature: policies for `unpinned-images`

Issue - State: open - Opened by woodruffw 3 months ago - 1 comment
Labels: enhancement

#735 - [BUG]: impostor-commit audit tries lookup on wrong github instance

Issue - State: open - Opened by dankress 3 months ago - 2 comments
Labels: bug, ghes

#734 - refactor: begin splitting out syntax/sema error handling

Pull Request - State: closed - Opened by woodruffw 3 months ago - 1 comment
Labels: bugfix, refactor

#733 - feat: add unpinned-container-images check

Pull Request - State: closed - Opened by trumant 3 months ago - 4 comments
Labels: enhancement, new-audit

#732 - bugfix: warn on parse errors instead of panic

Pull Request - State: closed - Opened by jamesc-grafana 3 months ago - 6 comments

#731 - bugfix: fix edge case in remote audit input collection

Pull Request - State: closed - Opened by woodruffw 3 months ago - 1 comment
Labels: bugfix

#730 - New audit: Dependabot privilege escalation

Issue - State: open - Opened by Marcono1234 3 months ago - 4 comments
Labels: enhancement, new-audit, discussion

#729 - chore: remove duplicate context

Pull Request - State: closed - Opened by Marcono1234 3 months ago
Labels: chore

#728 - doc: mention insta `--force-update-snapshots`

Pull Request - State: closed - Opened by Marcono1234 3 months ago
Labels: documentation

#727 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#726 - [BUG]: Non-Action yaml file fails remote audit (but not local)

Issue - State: closed - Opened by toopricey 3 months ago - 5 comments
Labels: bug, triage

#725 - [BUG] `zizmor` aborts on empty workflow files

Issue - State: closed - Opened by woodruffw 3 months ago - 2 comments
Labels: bug

#723 - New audit: Caching sensitive files

Issue - State: open - Opened by Marcono1234 3 months ago - 1 comment
Labels: enhancement, new-audit

#722 - chore(deps): cargo update

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore, dependencies

#721 - chore(ci): fix makefile target

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore, ci/cd

#720 - chore(ci): add refresh-schemas workflow

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore, ci/cd

#719 - feat: more informative error message

Pull Request - State: closed - Opened by woodruffw 3 months ago

#718 - Refactor: bring `github-actions-models` and `yamlpath` into this repo

Issue - State: open - Opened by woodruffw 3 months ago
Labels: chore, refactor

#717 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#716 - test: update snapshot expressions

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 3 comments
Labels: tests, chore

#715 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#714 - Feature: Support enabling / disabling audits

Issue - State: open - Opened by Marcono1234 3 months ago - 3 comments
Labels: enhancement

#713 - feat: new audit: stale-action-refs

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 1 comment

#712 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#711 - New audit: "YOLO" binaries

Issue - State: open - Opened by woodruffw 3 months ago
Labels: enhancement, new-audit

#710 - bugfix: sarif: prefix ID, add rule names

Pull Request - State: closed - Opened by woodruffw 3 months ago - 2 comments
Labels: bugfix, test-sarif-presentation

#709 - [BUG]: sarif output looks ugly in VS Code sarif viewer

Issue - State: closed - Opened by jsoref 3 months ago - 6 comments
Labels: bug

#708 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#707 - chore: models: remove pub(crate) from some fields

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore

#706 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#705 - chore(docs): hash-pin setup-uv in usage.md

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#704 - New audit: `unpinned-images`

Issue - State: closed - Opened by woodruffw 3 months ago - 4 comments
Labels: enhancement, new-audit

#703 - feat: further reduce step handling code duplication

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 2 comments
Labels: enhancement, refactor

#702 - chore(deps): bump insta from 1.42.2 to 1.43.0 in the cargo group

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, rust

#701 - chore(deps): bump the github-actions group with 4 updates

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#700 - chore(docs): update trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#699 - chore(docs): update trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#698 - tests: check zizmor exit code

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 5 comments
Labels: tests

#697 - feat: reduce code duplication for workflow step handling

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 1 comment
Labels: refactor

#696 - bugfix: fix e2e test failures on Windows

Pull Request - State: closed - Opened by Marcono1234 3 months ago

#695 - chore: github_api: deduplicate resp handling

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore, refactor

#694 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#693 - feat: github_api: improve 403 errors slightly

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: enhancement

#692 - docs: extend remediation for dangerous-triggers

Pull Request - State: closed - Opened by Marcono1234 3 months ago
Labels: documentation

#691 - [BUG]: "fatal: no audit was performed" caused by 403 forbidden

Issue - State: closed - Opened by huornlmj 3 months ago - 4 comments
Labels: bug

#690 - Feature: Use app token for private repos, GHA's default token for public repos

Issue - State: open - Opened by arianvp 3 months ago - 5 comments
Labels: enhancement, blocked

#688 - docs: recommend GitHubSecurityLab/actions-permissions

Pull Request - State: closed - Opened by Marcono1234 3 months ago - 1 comment
Labels: documentation

#687 - chore(docs): clarify default rule in explicit config

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#686 - chore(deps): bump the cargo group with 2 updates

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, rust

#685 - chore(deps): bump astral-sh/setup-uv from 5.4.1 to 5.4.2 in the github-actions group

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, github_actions

#684 - Feature: Audit for `pull_request_target` used for Dependabot & Renovate auto approve / merge

Issue - State: closed - Opened by Marcono1234 3 months ago - 4 comments
Labels: enhancement

#683 - feat: new audit: obfuscation

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: enhancement, new-audit

#682 - docs: bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#681 - chore: prep for release 1.6.0

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore

#680 - Feature: Check `pull_request_target` workflows on all branches

Issue - State: open - Opened by Marcono1234 3 months ago - 4 comments
Labels: enhancement

#679 - chore: bump github-actions-models to 0.28.1

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: chore, dependencies

#678 - Feature: Recursion through reusable workflows + composite actions.

Issue - State: open - Opened by woodruffw 3 months ago - 1 comment
Labels: enhancement

#676 - Feature: specific references in forbidden-uses

Issue - State: closed - Opened by jcgruenhage 3 months ago - 5 comments
Labels: enhancement, config

#675 - bugfix: template-injection: mark another context as safe

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: false-positive, bugfix

#674 - Feature: Handle `template-injection` allowlisting schematically

Issue - State: open - Opened by woodruffw 3 months ago - 2 comments
Labels: enhancement

#671 - docs: bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#670 - feat: generalize RepositoryUsesPattern

Pull Request - State: closed - Opened by woodruffw 3 months ago - 1 comment
Labels: enhancement

#669 - Rethink `uses` patterns

Issue - State: closed - Opened by woodruffw 3 months ago

#668 - chore(docs): bump trophies

Pull Request - State: closed - Opened by woodruffw 3 months ago
Labels: documentation, chore

#667 - ci: convert Dockerfile to Wolfi

Pull Request - State: closed - Opened by eslerm 3 months ago - 2 comments
Labels: enhancement

#666 - chore(deps): bump the cargo group with 4 updates

Pull Request - State: closed - Opened by dependabot[bot] 3 months ago
Labels: dependencies, rust