-
-
Notifications
You must be signed in to change notification settings - Fork 66
Insights: woodruffw/zizmor
Overview
Could not load contribution data
Please try again later
19 Pull requests merged by 4 people
-
chore(docs): bump trophies
#763 merged
May 7, 2025 -
chore(docs): bump trophies
#761 merged
May 7, 2025 -
chore(docs): bump trophies
#760 merged
May 7, 2025 -
chore(docs): mention @zizmorcore plans
#759 merged
May 7, 2025 -
chore(docs): add Discord badge to README and docs
#757 merged
May 7, 2025 -
chore: cleanup
#753 merged
May 6, 2025 -
refactor: remove old repo matching APIs
#752 merged
May 6, 2025 -
chore(docs): document repository patterns better
#751 merged
May 6, 2025 -
feat: extend RepositoryUsesPattern to allow exact ref patterns
#750 merged
May 6, 2025 -
feat: handle reducible index subexpressions
#748 merged
May 5, 2025 -
chore(deps): bump the github-actions group with 3 updates
#747 merged
May 5, 2025 -
chore: remove old TODO comment
#744 merged
May 4, 2025 -
refactor: begin splitting out syntax/sema error handling
#734 merged
May 3, 2025 -
docs: alpha sort audit doc contents by audit name
#741 merged
May 2, 2025 -
feat: emit pedantic finding for tagged OCI images
#740 merged
May 2, 2025 -
chore(docs): put examples in example blocks
#739 merged
May 2, 2025 -
feat: add unpinned-container-images check
#733 merged
May 2, 2025 -
New Audit
unsound-contains: Checks for problematiccontains()usage#577 merged
May 2, 2025 -
bugfix: fix edge case in remote audit input collection
#731 merged
May 1, 2025
2 Pull requests opened by 2 people
-
feat: extend template injection audit & use CodeQL models
#743 opened
May 4, 2025 -
[WIP] experiment with extracting contexts from webhook schemata
#745 opened
May 4, 2025
5 Issues closed by 1 person
-
Feature: specific references in forbidden-uses
#676 closed
May 6, 2025 -
[BUG] `zizmor` aborts on empty workflow files
#725 closed
May 3, 2025 -
Feature: `unpinned-uses` should emit pedantic findings for tagged-but-not-hash-pinned
#736 closed
May 2, 2025 -
New audit: `unpinned-images`
#704 closed
May 2, 2025 -
[BUG]: Non-Action yaml file fails remote audit (but not local)
#726 closed
May 1, 2025
10 Issues opened by 3 people
-
Feature: `obfuscation` audit should check for computed indices
#762 opened
May 7, 2025 -
Move zizmor to its own GitHub org
#758 opened
May 7, 2025 -
PSA: Official Discord server!
#756 opened
May 7, 2025 -
[BUG] False positive detection for artipacked when `persist-credentials: false` is properly set
#755 opened
May 7, 2025 -
Bug: template-injection: `foo.bar.baz` and `foo['bar']['baz']` are not treated the same
#749 opened
May 5, 2025 -
Feature: wrong value in ternary pattern
#746 opened
May 5, 2025 -
Feature: detect no-op conditions
#742 opened
May 3, 2025 -
Feature: `unpinned-images` could discover `docker pull ...` patterns in `run:` clauses
#738 opened
May 2, 2025 -
Feature: policies for `unpinned-images`
#737 opened
May 2, 2025 -
[BUG]: impostor-commit audit tries lookup on wrong github instance
#735 opened
May 2, 2025
6 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
feat: Audit secrets outside an environment
#637 commented on
May 6, 2025 • 8 new comments -
Design a static HTTP API for serving pre-computed information
#278 commented on
May 3, 2025 • 0 new comments -
Feature: detect mismatches between pinned full-length commit SHA and version tag
#643 commented on
May 4, 2025 • 0 new comments -
New audit: Dependabot privilege escalation
#730 commented on
May 4, 2025 • 0 new comments -
Feature: Check `pull_request_target` workflows on all branches
#680 commented on
May 7, 2025 • 0 new comments -
Switch back to OSV/ecosyste.ms for actions security advisories?
#380 commented on
May 7, 2025 • 0 new comments