Skip to content

Add Zizmor workflow security scanning #497

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Vombato wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add Zizmor workflow security scanning #497

Vombato wants to merge 6 commits into from

Conversation

@Vombato
Copy link
Collaborator

@Vombato Vombato commented Nov 14, 2025

Add Zizmor Workflow Security Scanning

This PR adds automated security scanning for GitHub Actions workflows using Zizmor.

Issue Resolved

  • Closes vechain/security#381

Changes

  • ✅ Added .github/workflows/scan-workflows.yaml workflow
  • 📝 Added workflow badge to README.md (committed locally, not pushed - for manual review)

Configuration

  • Persona: auditor
  • Min Severity: high
  • Min Confidence: high

Review Checklist

  • Review workflow configuration
  • Verify badge placement in README.md (committed locally, adjust if needed)
  • Ensure ZIZMOR_TOKEN secret is configured in repository settings
  • Merge when ready

@Vombato
Add Zizmor workflow badge to README.md
f1d2163
@Vombato
Add Zizmor workflow security scanning
118d0fb 
- Add .github/workflows/scan-workflows.yaml with high severity/confidence settings
- Configure automated security scanning for GitHub Actions workflows

Closes vechain/security#381
@vercel
Copy link

vercel bot commented Nov 14, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
vevote-frontend-dev Ready Ready Preview Comment Nov 14, 2025 9:18am

@Vombato Vombato marked this pull request as ready for review November 17, 2025 09:15
@Vombato Vombato requested a review from mikeredmond November 27, 2025 18:38
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 27, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikeredmond mikeredmond Awaiting requested review from mikeredmond

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

increment:patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Vombato