Introducing zizmor: now you can have beautiful clean workflows

from blog ENOSUCHBLOG, | ↗ original
This is an announcement for zizmor, a new tool for finding security issues in GitHub Actions setups. You can run it on one or more workflow definitions1, and it’ll emit cargo-style diagnostics, SARIF, or JSON as you please. Support for custom actions (e.g. action.yml within actions/checkout or similar) is planned, but not implemented yet. ↩
This is a short summary. ↗ Open original to view full content

Related

Just a bunch of git stuff
meain/blog | original ↗
GitHub Actions could be so much better
ENOSUCHBLOG | original ↗
Periodic readme updates with GitHub Actions
Redowan's Reflections | original ↗
Auditing commit messages on GitHub
Redowan's Reflections | original ↗
Github action template for Python based projects
Redowan's Reflections | original ↗
Easy, Free Laravel CI Using GitHub Actions
Caleb Porzio | original ↗
Some Alfred Workflow Updates
Robb Knight • Posts • RSS Feed | original ↗
GitHub vs mailing lists, from another perspective
Asylum Archives | original ↗
PurpleUrchin Crypto Mining With Free GitHub Actions
Welcome To A DevOps Blog on Valewood DevOps Consulting | original ↗
Use GitHub Actions + Azure AD to Govern GitHub Organization Members
bradyjoslin.com | original ↗

More from ENOSUCHBLOG

YAML feature extraction with yamlpath
10 Sept 2024 | original ↗

Another Rust crate announcement: this time I’m announcing yamlpath, a small library for format-preserving YAML feature extraction.

Tracking and publishing my TILs
18 Aug 2024 | original ↗

Mini-post.

Approximating sum types in Python with Pydantic
12 Aug 2024 | original ↗

TL;DR: You can use Pydantic’s support for tagged unions to approximate sum types in Python; go right to Sum types in Python (and onwards) to see how it’s done.

Python wheel filenames have no canonical form
12 Jun 2024 | original ↗

This short(-ish) post is a successor to 2022’s a most vexing parse, but for Python packaging. I discovered it the other day while doing it what I normally do: mucking through the guts of Python packaging.

Reducing my blogging cadence
30 Apr 2024 | original ↗

Mini-post.