vaultwarden/.github/workflows/zizmor.yml
Mathijs van Veluw 169aa5efcc
Some checks are pending
Build / Build and Test ${{ matrix.channel }} (msrv) (push) Waiting to run
Build / Build and Test ${{ matrix.channel }} (rust-toolchain) (push) Waiting to run
Check templates / Validate docker templates (push) Waiting to run
Hadolint / Validate Dockerfile syntax (push) Waiting to run
Release / Build Vaultwarden containers (amd64, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (amd64, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v6, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v6, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v7, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm/v7, debian) (push) Waiting to run
Release / Build Vaultwarden containers (arm64, alpine) (push) Waiting to run
Release / Build Vaultwarden containers (arm64, debian) (push) Waiting to run
Release / Merge manifests (alpine) (push) Blocked by required conditions
Release / Merge manifests (debian) (push) Blocked by required conditions
Trivy / Trivy Scan (push) Waiting to run
Code Spell Checking / Run typos spell checking (push) Waiting to run
Security Analysis with zizmor / Run zizmor (push) Waiting to run
Misc updates and fixes (#7406)
* Misc updates and fixes

- Updated Rust to v1.96.1
- Updated all the crates
- Updated GitHub Actions
- Updated the web-vault to v2026.6.2
- Updated Alpine to v3.24
- Fixed several clippy lints
- The `send` UUID wrappers didn't need the special namespace anymore since an updated crate, so removed this extra mod.

Signed-off-by: BlackDex <black.dex@gmail.com>

* Update MSRV to v1.94.1

Signed-off-by: BlackDex <black.dex@gmail.com>

---------

Signed-off-by: BlackDex <black.dex@gmail.com>
2026-07-08 22:10:29 +02:00

32 lines
839 B
YAML

name: Security Analysis with zizmor
permissions: {}
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
push:
branches: ["main"]
pull_request:
branches: ["**"]
jobs:
zizmor:
name: Run zizmor
runs-on: ubuntu-24.04
permissions:
security-events: write # To write the security report
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Run zizmor
uses: zizmorcore/zizmor-action@192e21d79ab29983730a13d1382995c2307fbcaa # v0.5.7
with:
# intentionally not scanning the entire repository,
# since it contains integration tests.
inputs: ./.github/