GitHub / woodruffw/zizmor issues and pull requests
#340 - fix: handle context accesses following calls
Pull Request -
State: closed - Opened by woodruffw 7 months ago
- 1 comment
Labels: bugfix
#339 - [BUG]: couldn't parse expression: fromJson(...)
Issue -
State: closed - Opened by nedbat 7 months ago
- 1 comment
Labels: bug, triage
#338 - feat: detects well-known publisher actions in cache-audit
Pull Request -
State: closed - Opened by ubiratansoares 7 months ago
#337 - fix: excessive-permissions: be less noisy on one-job workflows
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#336 - False positive for the `excessive-permission` audit when there is a single job
Issue -
State: closed - Opened by pietroalbini 8 months ago
- 4 comments
Labels: bug, enhancement, false-positive
#335 - Add GUAC to the trophy case
Pull Request -
State: closed - Opened by funnelfiasco 8 months ago
Labels: documentation, chore
#334 - cache-poisoning: follow-up improvements
Issue -
State: closed - Opened by woodruffw 8 months ago
- 3 comments
Labels: enhancement
#333 - chore: prep 0.10.0
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#332 - chore: add a TODO
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#331 - feat: composite action support
Pull Request -
State: closed - Opened by woodruffw 8 months ago
- 2 comments
Labels: enhancement
#330 - feat: Fix Sarif schema and add rules to Sarif files
Pull Request -
State: closed - Opened by fcasal 8 months ago
Labels: enhancement
#328 - feat: add 'primary' locations
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: enhancement
#327 - self-hosted-runner: detect GitHub large runners
Issue -
State: open - Opened by ubiratansoares 8 months ago
- 2 comments
Labels: enhancement
#326 - fix: sarif: use ResultKind for kind
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#325 - docs: push per-audit docs further into codebase
Issue -
State: open - Opened by woodruffw 8 months ago
- 2 comments
Labels: documentation, enhancement
#324 - WIP: experiment with CodeQL for actions
Pull Request -
State: closed - Opened by woodruffw 8 months ago
- 1 comment
#323 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#321 - feat: add support for .zizmor.yml files
Pull Request -
State: open - Opened by Zeitsperre 8 months ago
#320 - Feature: More zizmor configuration locations
Issue -
State: closed - Opened by Zeitsperre 8 months ago
- 3 comments
Labels: enhancement, question
#319 - feat: add zizmor Docker image
Pull Request -
State: closed - Opened by trallard 8 months ago
- 9 comments
#318 - feat: template-injection: filter static envs
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: enhancement, false-positive
#317 - fix: expands_to_static_values considers expressions inside strings
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#316 - ci: disable wheel builds on pull_request
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#315 - ci: pin more workflows, enable rust-cache in tests
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#314 - docs: bump trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#313 - template-injection: eliminate false positives with the `env.*` context
Issue -
State: closed - Opened by woodruffw 8 months ago
- 2 comments
Labels: bug, false-positive
#312 - chore: remove FUNDING.yml
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#311 - docs: add socials, copyright to footer
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#310 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#309 - fix: template-injection: more safe contexts
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#308 - chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 in the github-actions group
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#307 - chore(deps): bump serde from 1.0.215 to 1.0.216 in the cargo group
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, rust
#306 - Figure out an online testing strategy
Issue -
State: closed - Opened by woodruffw 8 months ago
- 3 comments
Labels: tests
#305 - docs: Fix typo in development.md
Pull Request -
State: closed - Opened by JustusFluegel 8 months ago
- 1 comment
Labels: documentation
#304 - refactor: use http-cache for caching, optimize network calls
Pull Request -
State: closed - Opened by woodruffw 8 months ago
- 4 comments
Labels: performance, refactor
#303 - docs: support commits in trophy case
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#302 - Trophy case should accept individual commit links
Issue -
State: closed - Opened by girlbossceo 8 months ago
- 3 comments
Labels: documentation, enhancement
#301 - docs: update trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#300 - chore: prep 0.9.2
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#299 - Spelling
Pull Request -
State: closed - Opened by jsoref 8 months ago
#298 - fix: uses context when evaluating static values from matrix expansions
Pull Request -
State: closed - Opened by ubiratansoares 8 months ago
- 2 comments
#297 - fix: template-injection: consider runner.tool_cache safe
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#296 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#295 - refactor: simplify use-trusted-publishing slightly
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: refactor
#294 - feat: initial cache-poisoning audit
Pull Request -
State: closed - Opened by ubiratansoares 8 months ago
- 7 comments
Labels: enhancement, new-audit
#293 - docs: fix emoji rendering
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#292 - docs: trophies, clean up install
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#290 - [BUG]: credential persistence through GitHub Actions artifacts
Issue -
State: open - Opened by dcampbell24 8 months ago
- 5 comments
Labels: bug
#289 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#288 - new audit: encourage use of `shell: bash`
Issue -
State: open - Opened by lishaduck 8 months ago
- 5 comments
Labels: enhancement, help wanted, new-audit
#287 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#286 - self-hosted-runner: detect non-GH runners that don't use `self-hosted`
Issue -
State: open - Opened by woodruffw 8 months ago
Labels: enhancement, false-negative
#285 - chore: prep 0.9.1
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#284 - fix: don't crash when an expression does not expand a matrix
Pull Request -
State: closed - Opened by ubiratansoares 8 months ago
- 1 comment
Labels: bugfix
#283 - [BUG]: 0.9.0 crashes with "job does not define a strategy or interior matrix"
Issue -
State: closed - Opened by Nateowami 8 months ago
- 5 comments
Labels: bug, triage
#282 - use-trusted-publishing: detect other PyPI uploading tools
Issue -
State: open - Opened by woodruffw 8 months ago
Labels: enhancement, false-negative
#281 - Feature: Announce "THANK YOU, DR. ZIZMOR" upon local completion when no issues are found
Issue -
State: closed - Opened by placer14 8 months ago
- 2 comments
Labels: enhancement
#280 - chore: prep 0.9.0
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#279 - docs: make the trophy case prettier
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#278 - Design a static HTTP API for serving pre-computed information
Issue -
State: open - Opened by woodruffw 8 months ago
- 2 comments
Labels: enhancement, performance
#277 - fix: template-injection: ignore runner.temp
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#276 - docs: more trophies
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#275 - docs: move the changelog to the docs
Issue -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#274 - feat: evaluates a matrix expansion only once
Pull Request -
State: closed - Opened by ubiratansoares 8 months ago
Labels: performance
#273 - docs: record more users of zizmor
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#272 - fix: move artipacked pedantic finding to auditor
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#271 - Feature: Check referenced Action SHA to ensure authenticity
Issue -
State: closed - Opened by cedws 8 months ago
- 4 comments
Labels: enhancement
#270 - docs: Rename "unsecure" to insecure
Pull Request -
State: closed - Opened by szepeviktor 8 months ago
- 1 comment
Labels: documentation
#269 - [BUG]: "Unsecure" is really insecure
Issue -
State: closed - Opened by szepeviktor 8 months ago
- 1 comment
Labels: bug, triage
#268 - Add more projects to the trophy case
Pull Request -
State: closed - Opened by hugovk 8 months ago
#267 - fix: bump github-actions-models
Pull Request -
State: closed - Opened by woodruffw 8 months ago
#266 - docs: audits: add another env hacking reference
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#265 - fix: download both .yml and .yaml from repos
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#264 - fix: bump annotate-snippets to fix crash
Pull Request -
State: open - Opened by woodruffw 8 months ago
Labels: bugfix
#263 - [BUG]: Emoji in workflow will crash Zizmor
Issue -
State: open - Opened by peterflat 8 months ago
- 4 comments
Labels: bug, question, triage
#262 - docs: update workflow name
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation, chore
#261 - New audit: cache poisoning
Issue -
State: closed - Opened by woodruffw 8 months ago
- 8 comments
Labels: new-audit
#260 - New audit: old actions
Issue -
State: open - Opened by woodruffw 8 months ago
- 1 comment
Labels: new-audit
#259 - docs: add template-injection tips
Pull Request -
State: closed - Opened by woodruffw 8 months ago
- 4 comments
Labels: documentation
#258 - chore(deps): bump the cargo group with 4 updates
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, rust
#257 - chore: Makefile: avoid a venv
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#256 - chore: move site-requirements to a PEP 735 dependency group
Issue -
State: open - Opened by woodruffw 8 months ago
- 1 comment
Labels: blocked, chore, refactor
#255 - docs: switch GHA example to uvx
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#254 - fix: template-injection: ignore another safe context
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#253 - Feature: add an audit rule for using actions that include themselves unpinned dependencies
Issue -
State: closed - Opened by netomi 8 months ago
- 3 comments
Labels: enhancement
#252 - ci: make zizmor.yml very fast with uvx
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#251 - chore(deps): bump the github-actions group with 2 updates
Pull Request -
State: closed - Opened by dependabot[bot] 8 months ago
Labels: dependencies, github_actions
#250 - ci: use alls-green
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#249 - experimental MSRV
Pull Request -
State: closed - Opened by woodruffw 8 months ago
- 2 comments
Labels: chore
#248 - feat: remove --no-progress
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: cli
#247 - docs: update pre-commit docs to point to new repo
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#246 - fix: handle non-static env: in job steps
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#244 - Docs: trophy case: make a pretty grid or similar
Issue -
State: closed - Opened by woodruffw 8 months ago
- 1 comment
Labels: documentation
#243 - docs: add a trophy case
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#242 - docs: document installing with PyPI
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: documentation
#241 - ci: add a maturin matrix for PyPI releases
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: chore
#239 - docs: restore search plugin
Pull Request -
State: closed - Opened by lazka 8 months ago
- 1 comment
Labels: documentation
#238 - fix: template-injection: ignore issue/PR numbers
Pull Request -
State: closed - Opened by woodruffw 8 months ago
Labels: bugfix
#237 - audit: use-trusted-publishing should emit a pedantic result when TP is used without an environment
Issue -
State: open - Opened by woodruffw 8 months ago
Labels: enhancement
#236 - [BUG]: Can't use with pre-commit.ci or Ubuntu 24.04 (without updating Rust)
Issue -
State: closed - Opened by larsoner 8 months ago
- 13 comments
Labels: bug, dependencies