Aashish-Jha-11 commented on PR #1982: URL: https://github.com/apache/sedona/pull/1982#issuecomment-2993361250
I've enhanced our CI/CD security by adding the zizmor static analysis tool to our pre-commit configuration. This addition helps protect our GitHub Actions workflows from common security vulnerabilities.

Changes made:

- Added zizmor pre-commit hook with these settings:
  - Repository: https://github.com/zizmorcore/zizmor-pre-commit
  - Version: v1.9.0
  - Hook ID: zizmor
  - Configured to scan all GitHub Actions workflow files
- Fixed security issues in existing workflows:
  - Updated `r.yml` workflow to use commit SHA pinning instead of version tags
  - Replaced `r-lib/actions/*@v2.11.3` references with `r-lib/actions/*@bd49c52ffe281809afa6f0fecbf37483c5dd0b93`

Benefits: The zizmor pre-commit hook will automatically scan all workflows for security issues, including:

- Unpinned action references (which could be hijacked)
- Overly broad permissions
- Credential persistence issues
- Other GitHub Actions security best practices

This should help maintain a more secure CI/CD pipeline for all contributors. When creating or updating workflows, the pre-commit hook will identify security issues before they reach our repository.
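The two pieces the comment describes, shown together as an added illustration (this is not the PR's actual diff): the pre-commit hook entry uses the repository, version and hook id stated above, and the workflow excerpt shows the tag-to-SHA change using the `r-lib/actions` SHA from the comment. The `setup-r` action name, the job layout, the `permissions` block and the `actions/checkout` step are assumptions added for context; the checkout SHA is a placeholder to be looked up for whatever release is actually used.

```yaml
# .pre-commit-config.yaml (hook entry as described in the comment)
repos:
  - repo: https://github.com/zizmorcore/zizmor-pre-commit
    rev: v1.9.0
    hooks:
      - id: zizmor   # default file pattern covers .github/workflows/*.yml

---
# .github/workflows/r.yml (illustrative excerpt; job name and steps are assumptions)
name: R CI
on:
  pull_request:

# Least-privilege token: zizmor reports workflows whose permissions are broader than needed
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      # Checkout pinned to a full commit SHA (placeholder, not a real value) and
      # with credential persistence disabled so the token is not left in .git/config
      - uses: actions/checkout@<full-commit-sha>   # vX.Y.Z
        with:
          persist-credentials: false

      # Before: a mutable tag, which zizmor's unpinned-uses audit flags because the
      # tag can be moved to different code later
      # - uses: r-lib/actions/setup-r@v2.11.3

      # After: the immutable commit SHA from the PR comment; the trailing comment
      # records which release that SHA corresponds to for human readers
      - uses: r-lib/actions/setup-r@bd49c52ffe281809afa6f0fecbf37483c5dd0b93 # v2.11.3
```

Running `pre-commit run zizmor --all-files` after adding the hook scans every workflow under `.github/workflows/` locally, so findings such as the tag-pinned `setup-r` line above surface before the change is pushed; keeping the `# v2.11.3` comment beside the SHA is what lets a reviewer (or a dependency-update bot) see which release the hash was taken from.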