# zizmor configuration: per-audit settings for the static analysis of this
# repository's GitHub Actions workflows.
rules:
  # Audit that flags workflow triggers zizmor considers hard to use safely
  # (such as pull_request_target). Each filename-only entry under `ignore`
  # suppresses every finding of this audit in that workflow file, so the list
  # is a set of accepted risks and should stay short.
  dangerous-triggers:
    # Before ignoring a file, assume all inputs are malicious, assign explicit
    # minimal permissions, and do not use actions/checkout.
    # NOTE(review): nothing in this file re-checks those conditions once an
    # entry is added; later edits to an ignored workflow are no longer flagged
    # by this audit and need manual review.
    ignore:
      - coverage_comment.yml
      - labels.yml
      - new_contributor_pr.yml
      - check_pr_quality.yml
  # Pinning policy for `uses:` references, keyed by owner/repository pattern.
  unpinned-uses:
    config:
      policies:
        # ref-pin accepts a tag or branch as well as a commit SHA. Tags and
        # branches can be moved after review, so this setting trusts these two
        # owners not to repoint a ref; hash-pin is the stricter alternative.
        # Actions from any other owner are not matched by these patterns and
        # fall back to zizmor's default policy (presumably version-dependent;
        # confirm against the zizmor release in use).
        actions/*: ref-pin
        psf/*: ref-pin