-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathzizmor.yml
More file actions
47 lines (47 loc) · 1.86 KB
/
zizmor.yml
File metadata and controls
47 lines (47 loc) · 1.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
rules:
dependabot-cooldown:
config:
days: 3
secrets-outside-env:
ignore:
# these workflows use secrets outside of an environment because it is passed into the workflow
- tag-release-devcontainer.yml:108:39
- tag-release-devcontainer.yml:228:34
- tag-release-devcontainer.yml:234:35
- tag-release-devcontainer.yml:240:34
- tag-release-devcontainer.yml:248:35
- update-dev-container-version.yml:135:24
- update-dev-container-version.yml:136:29
- quality-checks-devcontainer.yml:211:28
- quality-checks-devcontainer.yml:204:28
- quality-checks-devcontainer.yml:191:29
- dependabot-auto-approve-and-merge.yml:24:31
- dependabot-auto-approve-and-merge.yml:25:36
- tag-release-devcontainer.yml:230:34
- tag-release-devcontainer.yml:236:35
- tag-release-devcontainer.yml:242:34
- tag-release-devcontainer.yml:250:35
- update-dev-container-version.yml:136:24
- update-dev-container-version.yml:137:29
- update-dev-container-version.yml:133:24
- update-dev-container-version.yml:134:29
unpinned-images:
# these workflows use unpinned images because they are using a full image passed in that contains the tag
ignore:
- quality-checks-devcontainer.yml:32:7
- quality-checks-devcontainer.yml:216:7
- quality-checks-devcontainer.yml:286:7
- quality-checks-devcontainer.yml:329:7
- tag-release-devcontainer.yml:89:13
- quality-checks-devcontainer.yml:331:7
excessive-permissions:
# these are possible excessive permissions but need time to work out if they are actually excessive or not
ignore:
- pull_request.yml:1:1
- pull_request.yml:11:3
- pull_request.yml:18:3
- pull_request.yml:21:3
- pull_request.yml:26:3
- release.yml:1:1
- release.yml:11:3
- release.yml:13:3