Skip to content

Issues: woodruffw/zizmor

Beta
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

42 Open 149 Closed
42 Open 149 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Feature: Audit for pull_request_target used for Dependabot & Renovate auto approve / merge enhancement New feature or request
#684 opened Apr 20, 2025 by Marcono1234
2 tasks done
4
Feature: Check pull_request_target workflows on all branches enhancement New feature or request
#680 opened Apr 20, 2025 by Marcono1234
2 tasks done
3
Feature: Recursion through reusable workflows + composite actions. enhancement New feature or request
#678 opened Apr 17, 2025 by woodruffw 2.0
1
Feature: specific references in forbidden-uses config Configuration functionality enhancement New feature or request
#676 opened Apr 17, 2025 by jcgruenhage
2 tasks done
1.7.0
4
Feature: Handle template-injection allowlisting schematically enhancement New feature or request
#674 opened Apr 16, 2025 by woodruffw
2 tasks done
1.8.0
2
Feature: tab completion cli enhancement New feature or request
#658 opened Apr 9, 2025 by woodruffw 1.7.0
@woodruffw
Feature: More granular ignore options enhancement New feature or request
#648 opened Apr 5, 2025 by winterqt
2 tasks done
1
Feature: informative error message enhancement New feature or request
#646 opened Apr 5, 2025 by rost-andreev
2 tasks done
1.7.0
5
Feature: detect mismatches between pinned full-length commit SHA and version tag enhancement New feature or request help wanted Extra attention is needed new-audit New audits
#643 opened Apr 2, 2025 by eslerm
2 tasks done
1
Audit idea: attacker-controlled labels new-audit New audits
#635 opened Mar 27, 2025 by woodruffw
Feature: Support custom cache-aware actions enhancement New feature or request
#629 opened Mar 24, 2025 by risu729
2 tasks done
2
Switch to zizmor/{ruleid} for SARIF outputs
#622 opened Mar 23, 2025 by woodruffw 1.8.0
@woodruffw
Feature: custom personas config Configuration functionality enhancement New feature or request
#617 opened Mar 18, 2025 by davidmreed
2 tasks done
2
Feature: "bulk" mode cli enhancement New feature or request
#606 opened Mar 15, 2025 by woodruffw
2 tasks done
@woodruffw
1
Feature: secrets-inherit flipside enhancement New feature or request
#579 opened Mar 2, 2025 by alexanderkjall
2 tasks done
3
Refine handling of permissions between reusable caller/called workflows enhancement New feature or request
#540 opened Feb 15, 2025 by notdodo
2 tasks done
5
Feature: IDE extensions enhancement New feature or request
#516 opened Feb 5, 2025 by woodruffw
2 tasks done
2.0
1
New audit: repojacking enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed new-audit New audits
#479 opened Jan 19, 2025 by woodruffw
5
New audit: comment triggers new-audit New audits
#459 opened Jan 18, 2025 by woodruffw
@woodruffw
template-injection: investigate other sinks enhancement New feature or request false-negative
#417 opened Jan 10, 2025 by woodruffw
2 tasks done
1
dangerous-triggers: change persona when permissions are constrained?
#398 opened Jan 6, 2025 by woodruffw
@woodruffw
5
Feature: "private repo" persona enhancement New feature or request
#396 opened Jan 6, 2025 by woodruffw
2 tasks done
1
uses: coordinates: be fully general over step inputs false-positive
#390 opened Jan 5, 2025 by woodruffw
Switch back to OSV/ecosyste.ms for actions security advisories? enhancement New feature or request refactor Refactoring tasks
#380 opened Jan 3, 2025 by woodruffw 1.7.0
@woodruffw
2
Composite actions: support for existing audits enhancement New feature or request help wanted Extra attention is needed
#350 opened Dec 23, 2024 by woodruffw
12 of 14 tasks
4
ProTip! Adding no:label will show everything without a label.