diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml index 840c83be..55c096a4 100644 --- a/.github/workflows/pypi.yml +++ b/.github/workflows/pypi.yml @@ -43,7 +43,7 @@ jobs: uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1 with: target: ${{ matrix.platform.target }} - args: --release --out dist + args: --release --out dist --manifest-path crates/zizmor/Cargo.toml manylinux: ${{ matrix.platform.manylinux }} - name: Upload wheels uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 @@ -72,7 +72,7 @@ jobs: uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1 with: target: ${{ matrix.platform.target }} - args: --release --out dist + args: --release --out dist --manifest-path crates/zizmor/Cargo.toml manylinux: musllinux_1_2 - name: Upload wheels uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 @@ -97,7 +97,7 @@ jobs: uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1 with: target: ${{ matrix.platform.target }} - args: --release --out dist + args: --release --out dist --manifest-path crates/zizmor/Cargo.toml - name: Upload wheels uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: @@ -121,7 +121,7 @@ jobs: uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1 with: target: ${{ matrix.platform.target }} - args: --release --out dist + args: --release --out dist --manifest-path crates/zizmor/Cargo.toml - name: Upload wheels uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: @@ -138,7 +138,7 @@ jobs: uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1 with: command: sdist - args: --out dist + args: --out dist --manifest-path crates/zizmor/Cargo.toml - name: Upload sdist uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 with: diff --git a/Cargo.toml b/Cargo.toml index 849ec187..3e8ea894 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,80 +1,15 @@ -[package] -name = "zizmor" -description = "Static analysis for GitHub Actions" -version = "1.7.0" -edition = "2024" -repository = "https://github.com/zizmorcore/zizmor" -homepage = "https://docs.zizmor.sh" -documentation = "https://docs.zizmor.sh" +[workspace] +resolver = "2" +members = ["crates/zizmor"] + +[workspace.package] authors = ["William Woodruff "] +readme = "README.md" +edition = "2024" license = "MIT" -keywords = ["cli", "github-actions", "static-analysis", "security"] -categories = ["command-line-utilities"] -rust-version = "1.85.0" - -[features] -# Test-only: enable online audits that make use of a GitHub token via GH_TOKEN. -gh-token-tests = [] -# Test-only: enable all online audits. -online-tests = ["gh-token-tests"] -# Test-only: enable tests that require `unbuffer` for TTY behavior. -tty-tests = [] - -[dependencies] -annotate-snippets = "0.11.5" -anstream = "0.6.18" -anyhow = "1.0.98" -camino = { version = "1.1.9", features = ["serde1"] } -clap = { version = "4.5.38", features = ["derive", "env"] } -clap-verbosity-flag = { version = "3.0.2", features = [ - "tracing", -], default-features = false } -clap_complete = "4.5.50" -etcetera = "0.10.0" -flate2 = "1.1.1" -github-actions-models = "0.28.2" -http-cache-reqwest = "0.15.1" -human-panic = "2.0.1" -ignore = "0.4.23" -indexmap = "2.9.0" -indicatif = "0.17.11" -itertools = "0.14.0" -jsonschema = "0.30.0" -line-index = "0.1.2" -owo-colors = "4.2.0" -pest = "2.8.0" -pest_derive = "2.8.0" -regex = "1.11.1" -reqwest = { version = "0.12.15", features = [ - "blocking", - "json", - "rustls-tls", -], default-features = false } -reqwest-middleware = "0.4.2" -serde = { version = "1.0.219", features = ["derive"] } -serde-sarif = "0.8.0" -serde_json = "1.0.140" -serde_yaml = "0.9.34" -tar = "0.4.44" -terminal-link = "0.1.0" -thiserror = "2.0.12" -tokio = { version = "1.45.0", features = ["rt-multi-thread"] } -tracing = "0.1.41" -tracing-indicatif = "0.3.9" -tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } -tree-sitter = "0.25.4" -tree-sitter-bash = "0.23.3" -tree-sitter-powershell = "0.25.2" -yamlpath = "0.16.0" [profile.dev.package] insta.opt-level = 3 [profile.release] lto = true - -[dev-dependencies] -assert_cmd = "2.0.17" -insta = { version = "1.43.0" } -pretty_assertions = "1.4.1" -serde_json_path = "0.7.2" diff --git a/crates/zizmor/Cargo.toml b/crates/zizmor/Cargo.toml new file mode 100644 index 00000000..713430c2 --- /dev/null +++ b/crates/zizmor/Cargo.toml @@ -0,0 +1,77 @@ +[package] +name = "zizmor" +description = "Static analysis for GitHub Actions" +version = "1.7.0" +repository = "https://github.com/zizmorcore/zizmor" +homepage = "https://docs.zizmor.sh" +documentation = "https://docs.zizmor.sh" +keywords = ["cli", "github-actions", "static-analysis", "security"] +categories = ["command-line-utilities"] +rust-version = "1.85.0" + +license.workspace = true +readme.workspace = true +authors.workspace = true +edition.workspace = true + +[features] +# Test-only: enable online audits that make use of a GitHub token via GH_TOKEN. +gh-token-tests = [] +# Test-only: enable all online audits. +online-tests = ["gh-token-tests"] +# Test-only: enable tests that require `unbuffer` for TTY behavior. +tty-tests = [] + +[dependencies] +annotate-snippets = "0.11.5" +anstream = "0.6.18" +anyhow = "1.0.98" +camino = { version = "1.1.9", features = ["serde1"] } +clap = { version = "4.5.38", features = ["derive", "env"] } +clap-verbosity-flag = { version = "3.0.2", features = [ + "tracing", +], default-features = false } +clap_complete = "4.5.50" +etcetera = "0.10.0" +flate2 = "1.1.1" +github-actions-models = "0.28.2" +http-cache-reqwest = "0.15.1" +human-panic = "2.0.1" +ignore = "0.4.23" +indexmap = "2.9.0" +indicatif = "0.17.11" +itertools = "0.14.0" +jsonschema = "0.30.0" +line-index = "0.1.2" +owo-colors = "4.2.0" +pest = "2.8.0" +pest_derive = "2.8.0" +regex = "1.11.1" +reqwest = { version = "0.12.15", features = [ + "blocking", + "json", + "rustls-tls", +], default-features = false } +reqwest-middleware = "0.4.2" +serde = { version = "1.0.219", features = ["derive"] } +serde-sarif = "0.8.0" +serde_json = "1.0.140" +serde_yaml = "0.9.34" +tar = "0.4.44" +terminal-link = "0.1.0" +thiserror = "2.0.12" +tokio = { version = "1.45.0", features = ["rt-multi-thread"] } +tracing = "0.1.41" +tracing-indicatif = "0.3.9" +tracing-subscriber = { version = "0.3.19", features = ["env-filter"] } +tree-sitter = "0.25.4" +tree-sitter-bash = "0.23.3" +tree-sitter-powershell = "0.25.2" +yamlpath = "0.16.0" + + +[dev-dependencies] +assert_cmd = "2.0.17" +insta = { version = "1.43.0" } +pretty_assertions = "1.4.1" +serde_json_path = "0.7.2" diff --git a/src/audit/artipacked.rs b/crates/zizmor/src/audit/artipacked.rs similarity index 100% rename from src/audit/artipacked.rs rename to crates/zizmor/src/audit/artipacked.rs diff --git a/src/audit/bot_conditions.rs b/crates/zizmor/src/audit/bot_conditions.rs similarity index 100% rename from src/audit/bot_conditions.rs rename to crates/zizmor/src/audit/bot_conditions.rs diff --git a/src/audit/cache_poisoning.rs b/crates/zizmor/src/audit/cache_poisoning.rs similarity index 100% rename from src/audit/cache_poisoning.rs rename to crates/zizmor/src/audit/cache_poisoning.rs diff --git a/src/audit/dangerous_triggers.rs b/crates/zizmor/src/audit/dangerous_triggers.rs similarity index 100% rename from src/audit/dangerous_triggers.rs rename to crates/zizmor/src/audit/dangerous_triggers.rs diff --git a/src/audit/excessive_permissions.rs b/crates/zizmor/src/audit/excessive_permissions.rs similarity index 100% rename from src/audit/excessive_permissions.rs rename to crates/zizmor/src/audit/excessive_permissions.rs diff --git a/src/audit/forbidden_uses.rs b/crates/zizmor/src/audit/forbidden_uses.rs similarity index 100% rename from src/audit/forbidden_uses.rs rename to crates/zizmor/src/audit/forbidden_uses.rs diff --git a/src/audit/github_env.rs b/crates/zizmor/src/audit/github_env.rs similarity index 100% rename from src/audit/github_env.rs rename to crates/zizmor/src/audit/github_env.rs diff --git a/src/audit/hardcoded_container_credentials.rs b/crates/zizmor/src/audit/hardcoded_container_credentials.rs similarity index 100% rename from src/audit/hardcoded_container_credentials.rs rename to crates/zizmor/src/audit/hardcoded_container_credentials.rs diff --git a/src/audit/impostor_commit.rs b/crates/zizmor/src/audit/impostor_commit.rs similarity index 100% rename from src/audit/impostor_commit.rs rename to crates/zizmor/src/audit/impostor_commit.rs diff --git a/src/audit/insecure_commands.rs b/crates/zizmor/src/audit/insecure_commands.rs similarity index 100% rename from src/audit/insecure_commands.rs rename to crates/zizmor/src/audit/insecure_commands.rs diff --git a/src/audit/known_vulnerable_actions.rs b/crates/zizmor/src/audit/known_vulnerable_actions.rs similarity index 100% rename from src/audit/known_vulnerable_actions.rs rename to crates/zizmor/src/audit/known_vulnerable_actions.rs diff --git a/src/audit/mod.rs b/crates/zizmor/src/audit/mod.rs similarity index 100% rename from src/audit/mod.rs rename to crates/zizmor/src/audit/mod.rs diff --git a/src/audit/obfuscation.rs b/crates/zizmor/src/audit/obfuscation.rs similarity index 100% rename from src/audit/obfuscation.rs rename to crates/zizmor/src/audit/obfuscation.rs diff --git a/src/audit/overprovisioned_secrets.rs b/crates/zizmor/src/audit/overprovisioned_secrets.rs similarity index 100% rename from src/audit/overprovisioned_secrets.rs rename to crates/zizmor/src/audit/overprovisioned_secrets.rs diff --git a/src/audit/ref_confusion.rs b/crates/zizmor/src/audit/ref_confusion.rs similarity index 100% rename from src/audit/ref_confusion.rs rename to crates/zizmor/src/audit/ref_confusion.rs diff --git a/src/audit/secrets_inherit.rs b/crates/zizmor/src/audit/secrets_inherit.rs similarity index 100% rename from src/audit/secrets_inherit.rs rename to crates/zizmor/src/audit/secrets_inherit.rs diff --git a/src/audit/self_hosted_runner.rs b/crates/zizmor/src/audit/self_hosted_runner.rs similarity index 100% rename from src/audit/self_hosted_runner.rs rename to crates/zizmor/src/audit/self_hosted_runner.rs diff --git a/src/audit/stale_action_refs.rs b/crates/zizmor/src/audit/stale_action_refs.rs similarity index 100% rename from src/audit/stale_action_refs.rs rename to crates/zizmor/src/audit/stale_action_refs.rs diff --git a/src/audit/template_injection.rs b/crates/zizmor/src/audit/template_injection.rs similarity index 100% rename from src/audit/template_injection.rs rename to crates/zizmor/src/audit/template_injection.rs diff --git a/src/audit/unpinned_images.rs b/crates/zizmor/src/audit/unpinned_images.rs similarity index 100% rename from src/audit/unpinned_images.rs rename to crates/zizmor/src/audit/unpinned_images.rs diff --git a/src/audit/unpinned_uses.rs b/crates/zizmor/src/audit/unpinned_uses.rs similarity index 100% rename from src/audit/unpinned_uses.rs rename to crates/zizmor/src/audit/unpinned_uses.rs diff --git a/src/audit/unredacted_secrets.rs b/crates/zizmor/src/audit/unredacted_secrets.rs similarity index 100% rename from src/audit/unredacted_secrets.rs rename to crates/zizmor/src/audit/unredacted_secrets.rs diff --git a/src/audit/unsound_contains.rs b/crates/zizmor/src/audit/unsound_contains.rs similarity index 100% rename from src/audit/unsound_contains.rs rename to crates/zizmor/src/audit/unsound_contains.rs diff --git a/src/audit/use_trusted_publishing.rs b/crates/zizmor/src/audit/use_trusted_publishing.rs similarity index 100% rename from src/audit/use_trusted_publishing.rs rename to crates/zizmor/src/audit/use_trusted_publishing.rs diff --git a/src/config.rs b/crates/zizmor/src/config.rs similarity index 100% rename from src/config.rs rename to crates/zizmor/src/config.rs diff --git a/src/data/github-action.json b/crates/zizmor/src/data/github-action.json similarity index 100% rename from src/data/github-action.json rename to crates/zizmor/src/data/github-action.json diff --git a/src/data/github-workflow.json b/crates/zizmor/src/data/github-workflow.json similarity index 100% rename from src/data/github-workflow.json rename to crates/zizmor/src/data/github-workflow.json diff --git a/src/expr/expr.pest b/crates/zizmor/src/expr/expr.pest similarity index 100% rename from src/expr/expr.pest rename to crates/zizmor/src/expr/expr.pest diff --git a/src/expr/mod.rs b/crates/zizmor/src/expr/mod.rs similarity index 100% rename from src/expr/mod.rs rename to crates/zizmor/src/expr/mod.rs diff --git a/src/finding/mod.rs b/crates/zizmor/src/finding/mod.rs similarity index 100% rename from src/finding/mod.rs rename to crates/zizmor/src/finding/mod.rs diff --git a/src/github_api.rs b/crates/zizmor/src/github_api.rs similarity index 100% rename from src/github_api.rs rename to crates/zizmor/src/github_api.rs diff --git a/src/main.rs b/crates/zizmor/src/main.rs similarity index 100% rename from src/main.rs rename to crates/zizmor/src/main.rs diff --git a/src/models.rs b/crates/zizmor/src/models.rs similarity index 100% rename from src/models.rs rename to crates/zizmor/src/models.rs diff --git a/src/models/coordinate.rs b/crates/zizmor/src/models/coordinate.rs similarity index 100% rename from src/models/coordinate.rs rename to crates/zizmor/src/models/coordinate.rs diff --git a/src/models/uses.rs b/crates/zizmor/src/models/uses.rs similarity index 100% rename from src/models/uses.rs rename to crates/zizmor/src/models/uses.rs diff --git a/src/output/github.rs b/crates/zizmor/src/output/github.rs similarity index 100% rename from src/output/github.rs rename to crates/zizmor/src/output/github.rs diff --git a/src/output/mod.rs b/crates/zizmor/src/output/mod.rs similarity index 100% rename from src/output/mod.rs rename to crates/zizmor/src/output/mod.rs diff --git a/src/output/plain.rs b/crates/zizmor/src/output/plain.rs similarity index 100% rename from src/output/plain.rs rename to crates/zizmor/src/output/plain.rs diff --git a/src/output/sarif.rs b/crates/zizmor/src/output/sarif.rs similarity index 100% rename from src/output/sarif.rs rename to crates/zizmor/src/output/sarif.rs diff --git a/src/registry.rs b/crates/zizmor/src/registry.rs similarity index 100% rename from src/registry.rs rename to crates/zizmor/src/registry.rs diff --git a/src/state.rs b/crates/zizmor/src/state.rs similarity index 100% rename from src/state.rs rename to crates/zizmor/src/state.rs diff --git a/src/utils.rs b/crates/zizmor/src/utils.rs similarity index 100% rename from src/utils.rs rename to crates/zizmor/src/utils.rs diff --git a/tests/integration/acceptance.rs b/crates/zizmor/tests/integration/acceptance.rs similarity index 100% rename from tests/integration/acceptance.rs rename to crates/zizmor/tests/integration/acceptance.rs diff --git a/tests/integration/common.rs b/crates/zizmor/tests/integration/common.rs similarity index 100% rename from tests/integration/common.rs rename to crates/zizmor/tests/integration/common.rs diff --git a/tests/integration/e2e.rs b/crates/zizmor/tests/integration/e2e.rs similarity index 100% rename from tests/integration/e2e.rs rename to crates/zizmor/tests/integration/e2e.rs diff --git a/tests/integration/main.rs b/crates/zizmor/tests/integration/main.rs similarity index 100% rename from tests/integration/main.rs rename to crates/zizmor/tests/integration/main.rs diff --git a/tests/integration/snapshot.rs b/crates/zizmor/tests/integration/snapshot.rs similarity index 100% rename from tests/integration/snapshot.rs rename to crates/zizmor/tests/integration/snapshot.rs diff --git a/tests/integration/snapshots/integration__e2e__gha_hazmat.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__gha_hazmat.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_config_file.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_config_file.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap diff --git a/tests/integration/snapshots/integration__e2e__invalid_inputs.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__invalid_inputs.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap diff --git a/tests/integration/snapshots/integration__e2e__issue_569.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__issue_569.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap diff --git a/tests/integration/snapshots/integration__e2e__issue_612_repro.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__issue_612_repro.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap diff --git a/tests/integration/snapshots/integration__e2e__issue_726.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__issue_726.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap diff --git a/tests/integration/snapshots/integration__e2e__menagerie-2.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__menagerie-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap diff --git a/tests/integration/snapshots/integration__e2e__menagerie.snap b/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap similarity index 100% rename from tests/integration/snapshots/integration__e2e__menagerie.snap rename to crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap diff --git a/tests/integration/snapshots/integration__snapshot__artipacked-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__artipacked-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__artipacked-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__artipacked-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__artipacked-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__artipacked-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__artipacked.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__artipacked.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap diff --git a/tests/integration/snapshots/integration__snapshot__bot_conditions.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__bot_conditions.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap diff --git a/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cache_poisoning.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap diff --git a/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__cant_retrieve.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap diff --git a/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__excessive_permissions.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__forbidden_uses.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap diff --git a/tests/integration/snapshots/integration__snapshot__github_env-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__github_env-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__github_env-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__github_env-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__github_env.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__github_env.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap diff --git a/tests/integration/snapshots/integration__snapshot__github_output.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__github_output.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap diff --git a/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__insecure_commands.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__insecure_commands.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap diff --git a/tests/integration/snapshots/integration__snapshot__obfuscation.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__obfuscation.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap diff --git a/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap diff --git a/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__ref_confusion.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__ref_confusion.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap diff --git a/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__secrets_inherit.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap diff --git a/tests/integration/snapshots/integration__snapshot__self_hosted.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__self_hosted.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap diff --git a/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__stale_action_refs.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-7.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-8.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection-9.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection-9.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap diff --git a/tests/integration/snapshots/integration__snapshot__template_injection.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__template_injection.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_images.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_images.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap diff --git a/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unpinned_uses.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap diff --git a/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap diff --git a/tests/integration/snapshots/integration__snapshot__unsound_contains.snap b/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap similarity index 100% rename from tests/integration/snapshots/integration__snapshot__unsound_contains.snap rename to crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap diff --git a/tests/integration/test-data/artipacked.yml b/crates/zizmor/tests/integration/test-data/artipacked.yml similarity index 100% rename from tests/integration/test-data/artipacked.yml rename to crates/zizmor/tests/integration/test-data/artipacked.yml diff --git a/tests/integration/test-data/artipacked/issue-447-repro.yml b/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml similarity index 100% rename from tests/integration/test-data/artipacked/issue-447-repro.yml rename to crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml diff --git a/tests/integration/test-data/bot-conditions.yml b/crates/zizmor/tests/integration/test-data/bot-conditions.yml similarity index 100% rename from tests/integration/test-data/bot-conditions.yml rename to crates/zizmor/tests/integration/test-data/bot-conditions.yml diff --git a/tests/integration/test-data/cache-poisoning.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-not-configurable.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml diff --git a/tests/integration/test-data/cache-poisoning/caching-opt-out.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/caching-opt-out.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml diff --git a/tests/integration/test-data/cache-poisoning/issue-343-repro.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/issue-343-repro.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml diff --git a/tests/integration/test-data/cache-poisoning/issue-378-repro.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/issue-378-repro.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml diff --git a/tests/integration/test-data/cache-poisoning/issue-642-repro.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/issue-642-repro.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml diff --git a/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml diff --git a/tests/integration/test-data/cache-poisoning/publisher-step.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/publisher-step.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml diff --git a/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml diff --git a/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml b/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml similarity index 100% rename from tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml rename to crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml diff --git a/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml b/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml similarity index 100% rename from tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml diff --git a/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml b/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml similarity index 100% rename from tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml diff --git a/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml b/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml similarity index 100% rename from tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml diff --git a/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml b/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml similarity index 100% rename from tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml diff --git a/tests/integration/test-data/e2e-menagerie/.gitignore b/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore similarity index 100% rename from tests/integration/test-data/e2e-menagerie/.gitignore rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore diff --git a/tests/integration/test-data/e2e-menagerie/README.md b/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md similarity index 100% rename from tests/integration/test-data/e2e-menagerie/README.md rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md diff --git a/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml b/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml similarity index 100% rename from tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml rename to crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml diff --git a/tests/integration/test-data/excessive-permissions.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions.yml diff --git a/tests/integration/test-data/excessive-permissions/issue-336-repro.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/issue-336-repro.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml diff --git a/tests/integration/test-data/excessive-permissions/issue-472-repro.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/issue-472-repro.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml diff --git a/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml diff --git a/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml diff --git a/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-default-perms.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-read-all.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-read-all.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-write-all.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-write-all.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml diff --git a/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml b/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml similarity index 100% rename from tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml rename to crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/allow-all.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/allow-all.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/allow-some.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/allow-some.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/deny-all.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/deny-all.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml diff --git a/tests/integration/test-data/forbidden-uses/configs/deny-some.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/configs/deny-some.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml diff --git a/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml b/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml similarity index 100% rename from tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml rename to crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml diff --git a/tests/integration/test-data/github-env/action.yml b/crates/zizmor/tests/integration/test-data/github-env/action.yml similarity index 100% rename from tests/integration/test-data/github-env/action.yml rename to crates/zizmor/tests/integration/test-data/github-env/action.yml diff --git a/tests/integration/test-data/github-env/github-path.yml b/crates/zizmor/tests/integration/test-data/github-env/github-path.yml similarity index 100% rename from tests/integration/test-data/github-env/github-path.yml rename to crates/zizmor/tests/integration/test-data/github-env/github-path.yml diff --git a/tests/integration/test-data/github-env/issue-397-repro.yml b/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml similarity index 100% rename from tests/integration/test-data/github-env/issue-397-repro.yml rename to crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml diff --git a/tests/integration/test-data/github_env.yml b/crates/zizmor/tests/integration/test-data/github_env.yml similarity index 100% rename from tests/integration/test-data/github_env.yml rename to crates/zizmor/tests/integration/test-data/github_env.yml diff --git a/tests/integration/test-data/hardcoded-credentials.yml b/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml similarity index 100% rename from tests/integration/test-data/hardcoded-credentials.yml rename to crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml diff --git a/tests/integration/test-data/inlined-ignores.yml b/crates/zizmor/tests/integration/test-data/inlined-ignores.yml similarity index 100% rename from tests/integration/test-data/inlined-ignores.yml rename to crates/zizmor/tests/integration/test-data/inlined-ignores.yml diff --git a/tests/integration/test-data/insecure-commands.yml b/crates/zizmor/tests/integration/test-data/insecure-commands.yml similarity index 100% rename from tests/integration/test-data/insecure-commands.yml rename to crates/zizmor/tests/integration/test-data/insecure-commands.yml diff --git a/tests/integration/test-data/insecure-commands/action.yml b/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml similarity index 100% rename from tests/integration/test-data/insecure-commands/action.yml rename to crates/zizmor/tests/integration/test-data/insecure-commands/action.yml diff --git a/tests/integration/test-data/invalid/bad-yaml-1.yml b/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml similarity index 100% rename from tests/integration/test-data/invalid/bad-yaml-1.yml rename to crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml diff --git a/tests/integration/test-data/invalid/bad-yaml-2.yml b/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml similarity index 100% rename from tests/integration/test-data/invalid/bad-yaml-2.yml rename to crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml diff --git a/tests/integration/test-data/invalid/blank.yml b/crates/zizmor/tests/integration/test-data/invalid/blank.yml similarity index 100% rename from tests/integration/test-data/invalid/blank.yml rename to crates/zizmor/tests/integration/test-data/invalid/blank.yml diff --git a/tests/integration/test-data/invalid/comment-only.yml b/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml similarity index 100% rename from tests/integration/test-data/invalid/comment-only.yml rename to crates/zizmor/tests/integration/test-data/invalid/comment-only.yml diff --git a/tests/integration/test-data/invalid/empty-action/action.yml b/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml similarity index 100% rename from tests/integration/test-data/invalid/empty-action/action.yml rename to crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml diff --git a/tests/integration/test-data/invalid/empty.yml b/crates/zizmor/tests/integration/test-data/invalid/empty.yml similarity index 100% rename from tests/integration/test-data/invalid/empty.yml rename to crates/zizmor/tests/integration/test-data/invalid/empty.yml diff --git a/tests/integration/test-data/invalid/invalid-action-1/action.yml b/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml similarity index 100% rename from tests/integration/test-data/invalid/invalid-action-1/action.yml rename to crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml diff --git a/tests/integration/test-data/invalid/invalid-action-2/action.yml b/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml similarity index 100% rename from tests/integration/test-data/invalid/invalid-action-2/action.yml rename to crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml diff --git a/tests/integration/test-data/invalid/invalid-workflow-2.yml b/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml similarity index 100% rename from tests/integration/test-data/invalid/invalid-workflow-2.yml rename to crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml diff --git a/tests/integration/test-data/invalid/invalid-workflow.yml b/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml similarity index 100% rename from tests/integration/test-data/invalid/invalid-workflow.yml rename to crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml diff --git a/tests/integration/test-data/issue-612-repro/action.yml b/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml similarity index 100% rename from tests/integration/test-data/issue-612-repro/action.yml rename to crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml diff --git a/tests/integration/test-data/obfuscation.yml b/crates/zizmor/tests/integration/test-data/obfuscation.yml similarity index 100% rename from tests/integration/test-data/obfuscation.yml rename to crates/zizmor/tests/integration/test-data/obfuscation.yml diff --git a/tests/integration/test-data/overprovisioned-secrets.yml b/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml similarity index 100% rename from tests/integration/test-data/overprovisioned-secrets.yml rename to crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml diff --git a/tests/integration/test-data/ref-confusion.yml b/crates/zizmor/tests/integration/test-data/ref-confusion.yml similarity index 100% rename from tests/integration/test-data/ref-confusion.yml rename to crates/zizmor/tests/integration/test-data/ref-confusion.yml diff --git a/tests/integration/test-data/ref-confusion/issue-518-repro.yml b/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml similarity index 100% rename from tests/integration/test-data/ref-confusion/issue-518-repro.yml rename to crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml diff --git a/tests/integration/test-data/secrets-inherit.yml b/crates/zizmor/tests/integration/test-data/secrets-inherit.yml similarity index 100% rename from tests/integration/test-data/secrets-inherit.yml rename to crates/zizmor/tests/integration/test-data/secrets-inherit.yml diff --git a/tests/integration/test-data/self-hosted.yml b/crates/zizmor/tests/integration/test-data/self-hosted.yml similarity index 100% rename from tests/integration/test-data/self-hosted.yml rename to crates/zizmor/tests/integration/test-data/self-hosted.yml diff --git a/tests/integration/test-data/self-hosted/issue-283-repro.yml b/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml similarity index 100% rename from tests/integration/test-data/self-hosted/issue-283-repro.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml diff --git a/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml b/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml similarity index 100% rename from tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml diff --git a/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml b/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml similarity index 100% rename from tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml diff --git a/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml b/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml similarity index 100% rename from tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml diff --git a/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml b/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml similarity index 100% rename from tests/integration/test-data/self-hosted/self-hosted-runner-group.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml diff --git a/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml b/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml similarity index 100% rename from tests/integration/test-data/self-hosted/self-hosted-runner-label.yml rename to crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml diff --git a/tests/integration/test-data/several-vulnerabilities.yml b/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml similarity index 100% rename from tests/integration/test-data/several-vulnerabilities.yml rename to crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml diff --git a/tests/integration/test-data/stale-action-refs.yml b/crates/zizmor/tests/integration/test-data/stale-action-refs.yml similarity index 100% rename from tests/integration/test-data/stale-action-refs.yml rename to crates/zizmor/tests/integration/test-data/stale-action-refs.yml diff --git a/tests/integration/test-data/template-injection.yml b/crates/zizmor/tests/integration/test-data/template-injection.yml similarity index 100% rename from tests/integration/test-data/template-injection.yml rename to crates/zizmor/tests/integration/test-data/template-injection.yml diff --git a/tests/integration/test-data/template-injection/dataflow.yml b/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml similarity index 100% rename from tests/integration/test-data/template-injection/dataflow.yml rename to crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml diff --git a/tests/integration/test-data/template-injection/false-positive-menagerie.yml b/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml similarity index 100% rename from tests/integration/test-data/template-injection/false-positive-menagerie.yml rename to crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml diff --git a/tests/integration/test-data/template-injection/issue-22-repro.yml b/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml similarity index 100% rename from tests/integration/test-data/template-injection/issue-22-repro.yml rename to crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml diff --git a/tests/integration/test-data/template-injection/issue-339-repro.yml b/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml similarity index 100% rename from tests/integration/test-data/template-injection/issue-339-repro.yml rename to crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml diff --git a/tests/integration/test-data/template-injection/issue-418-repro.yml b/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml similarity index 100% rename from tests/integration/test-data/template-injection/issue-418-repro.yml rename to crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml diff --git a/tests/integration/test-data/template-injection/pr-317-repro.yml b/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml similarity index 100% rename from tests/integration/test-data/template-injection/pr-317-repro.yml rename to crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml diff --git a/tests/integration/test-data/template-injection/pr-425-backstop/action.yml b/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml similarity index 100% rename from tests/integration/test-data/template-injection/pr-425-backstop/action.yml rename to crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml diff --git a/tests/integration/test-data/template-injection/static-env.yml b/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml similarity index 100% rename from tests/integration/test-data/template-injection/static-env.yml rename to crates/zizmor/tests/integration/test-data/template-injection/static-env.yml diff --git a/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml b/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml similarity index 100% rename from tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml rename to crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml diff --git a/tests/integration/test-data/template-injection/template-injection-static-matrix.yml b/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml similarity index 100% rename from tests/integration/test-data/template-injection/template-injection-static-matrix.yml rename to crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml diff --git a/tests/integration/test-data/unpinned-images.yml b/crates/zizmor/tests/integration/test-data/unpinned-images.yml similarity index 100% rename from tests/integration/test-data/unpinned-images.yml rename to crates/zizmor/tests/integration/test-data/unpinned-images.yml diff --git a/tests/integration/test-data/unpinned-uses.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses.yml diff --git a/tests/integration/test-data/unpinned-uses/action.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/action.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/composite-2.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/composite-2.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/composite.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/composite.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/empty.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/empty.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml diff --git a/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml diff --git a/tests/integration/test-data/unpinned-uses/issue-433-repro.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/issue-433-repro.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml diff --git a/tests/integration/test-data/unpinned-uses/issue-659-repro.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/issue-659-repro.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml diff --git a/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml b/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml similarity index 100% rename from tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml rename to crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml diff --git a/tests/integration/test-data/unredacted-secrets.yml b/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml similarity index 100% rename from tests/integration/test-data/unredacted-secrets.yml rename to crates/zizmor/tests/integration/test-data/unredacted-secrets.yml diff --git a/tests/integration/test-data/unsound-contains.yml b/crates/zizmor/tests/integration/test-data/unsound-contains.yml similarity index 100% rename from tests/integration/test-data/unsound-contains.yml rename to crates/zizmor/tests/integration/test-data/unsound-contains.yml diff --git a/tests/integration/test-data/use-trusted-publishing.yml b/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml similarity index 100% rename from tests/integration/test-data/use-trusted-publishing.yml rename to crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml diff --git a/docs/development.md b/docs/development.md index c0120cc3..6db15ec5 100644 --- a/docs/development.md +++ b/docs/development.md @@ -254,12 +254,12 @@ Some things that can be useful to discuss beforehand: When developing a new `zizmor` audit, there are a couple of implementation details to be aware of: -- All existing audits live in a Rust modules grouped under `src/audit` folder -- The expected behavior for all audits is defined by the `Audit` trait at `src/audit/mod.rs` -- The expected outcome of an executed audit is defined by the `Finding` struct at `src/finding/mod.rs` -- Any `Audit` implementation can have access to an `AuditState` instance, as per `src/state.rs` -- If an audit requires data from the GitHub API, there is a `Client` implementation at `src/github_api.rs` -- All the audits must be registered at `src/main.rs` according to the `register_audit!` macro +- All existing audits live in a Rust modules grouped under `crates/zizmor/src/audit` folder +- The expected behavior for all audits is defined by the `Audit` trait at `crates/zizmor/src/audit/mod.rs` +- The expected outcome of an executed audit is defined by the `Finding` struct at `crates/zizmor/src/finding/mod.rs` +- Any `Audit` implementation can have access to an `AuditState` instance, as per `crates/zizmor/src/state.rs` +- If an audit requires data from the GitHub API, there is a `Client` implementation at `crates/zizmor/src/github_api.rs` +- All the audits must be registered at `crates/zizmor/src/main.rs` according to the `register_audit!` macro Last but not least, it's useful to run the following checks before opening a Pull Request: @@ -286,14 +286,14 @@ cargo test The general procedure for adding a new audit can be described as: -- Define a new file at `src/audit/my_new_audit.rs` +- Define a new file at `crates/zizmor/src/audit/my_new_audit.rs` - Define a struct like `MyNewAudit` - Use the `audit_meta!` macro to implement `AuditCore` for `MyNewAudit` - Implement the `Audit` trait for `MyNewAudit` - You may want to use both the `AuditState` and `github_api::Client` to get the job done - Assign the proper `location` when creating a `Finding`, grabbing it from the proper `Workflow`, `Job` or `Step` instance -- Register `MyNewAudit` in the known audits at `src/main.rs` +- Register `MyNewAudit` in the known audits at `crates/zizmor/src/main.rs` - Add proper integration tests covering some scenarios at `tests/acceptance.rs` - Add proper docs for this new audit at `docs/audits`. Take care to add your new heading in alpha order relative to the other audit headings. Please include @@ -325,7 +325,7 @@ working as expected. The general procedure for changing an existing audit is: -- Locate the existing audit file at `src/audit` +- Locate the existing audit file at `crates/zizmor/src/audit` - Change the behaviour to match new requirements there (e.g. consuming a new CLI info exposed through `AuditState`) - Ensure that tests and samples at `tests/` reflect changed behaviour accordingly (e.g. the confidence for finding has changed) - Ensure that `docs/audits` reflect changed behaviour accordingly (e.g. an audit that is no longer pedantic)