Skip to content

[zizmor] Security fixes for workflow vulnerabilities + zizmor workflow#105

Open
Vombato wants to merge 5 commits into
mainfrom
fix/zizmor-security-fixes-20251017-113942
Open

[zizmor] Security fixes for workflow vulnerabilities + zizmor workflow#105
Vombato wants to merge 5 commits into
mainfrom
fix/zizmor-security-fixes-20251017-113942

Conversation

@Vombato

@Vombato Vombato commented Oct 17, 2025

Copy link
Copy Markdown

🔒 Zizmor workflow and security fixes

This PR resolves security vulnerabilities detected by Zizmor and adds its workflow to continuously scan and alert for security issues.

Fixes #320

- template-injection in run-e2e-tests.yaml (line 49)
- template-injection in run-e2e-tests.yaml (line 49)
- template-injection in run-e2e-tests.yaml (line 49)
- template-injection in run-e2e-tests.yaml (line 49)
- template-injection in run-e2e-tests.yaml (line 49)
- unpinned-uses in run-e2e-tests.yaml (line 90)

Applied automatic fixes using zizmor.
@Vombato Vombato temporarily deployed to default-private October 17, 2025 09:39 — with GitHub Actions Inactive
@Vombato Vombato marked this pull request as ready for review October 21, 2025 13:35
@freemanzMrojo

Copy link
Copy Markdown
Contributor

it might need some adjustments since the aikido pr was touching the same file @Vombato 👍🏼

@Vombato Vombato changed the title [zizmor] Security fixes for workflow vulnerabilities [zizmor] Security fixes for workflow vulnerabilities + zizmor workflow Nov 27, 2025
@Vombato

Vombato commented Nov 27, 2025

Copy link
Copy Markdown
Author

Sorry for leaving it stale @freemanzMrojo , fixed the conflicts and took the opportunity to also add the workflows scan action.

@freemanzMrojo

Copy link
Copy Markdown
Contributor

Sorry for leaving it stale @freemanzMrojo , fixed the conflicts and took the opportunity to also add the workflows scan action.

No worries man! I am not a reviewer of this repo anymore but I am sure @darrenvechain will have a look at it eventually 👍🏼

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants