feat: refactor --collect (#1228)

William Woodruff 2025-10-12 00:41:32 -04:00 committed by GitHub
parent 76c1b19008
commit d4c5a62cfb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 257 additions and 53 deletions


@ -44,13 +44,13 @@ There are three input sources that `zizmor` knows about:
sources can be mixed and matched:
```bash
# audit a single local workflow, an entire local repository, and
# audit a single local workflow, an entire local directory, and
# a remote repository all in the same run
zizmor ../example.yml ../other-repo/ example/example
```
When auditing local and/or remote repositories, `zizmor` will collect
all known input kinds by default. To configure collection behavior,
When auditing local directories and/or remote repositories, `zizmor` will
collect all known input kinds by default. To configure collection behavior,
you can use the `--collect=...` option.
```bash
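Review bot: the prose in this hunk now says "local directories", but the example line `zizmor ../example.yml ../other-repo/ example/example` still uses `../other-repo/` for the directory argument, which reads as a repository; consider renaming the sample path (for instance `../other-dir/`) so the example and the updated comment "an entire local directory" use the same terminology.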
@ -61,15 +61,27 @@ zizmor --collect=all example/example
zizmor --collect=default example/example
# collect only workflows
zizmor --collect=workflows-only example/example
zizmor --collect=workflows example/example
# collect only actions
zizmor --collect=actions-only example/example
zizmor --collect=actions example/example
# collect only Dependabot configs
zizmor --collect=dependabot-only example/example
zizmor --collect=dependabot example/example
# collect only workflows and actions (not Dependabot configs)
zizmor --collect=workflows,actions example/example
```
!!! warning "Deprecation"
`--collect=workflows-only` and `--collect=actions-only` are
deprecated aliases for `--collect=workflows` and
`--collect=actions`, respectively, as of `v1.15.0`.
Users should switch to the non-deprecated forms, as the deprecated
forms will be removed in a future release.
!!! tip
`--collect=all` can be significantly slower than `--collect=default`,
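Review bot: the deprecation warning names only `--collect=workflows-only` and `--collect=actions-only` as deprecated aliases, yet this hunk also replaces `--collect=dependabot-only` with `--collect=dependabot`; either add `dependabot-only` and its replacement to the warning, or state that it was never a released value so no alias is needed. The new comma-separated form `--collect=workflows,actions` appears only in a code comment; a sentence in the prose saying that kinds can be combined with commas, and whether `all` or `default` may be mixed with individual kinds, would make the new behaviour discoverable.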
@ -79,7 +91,7 @@ zizmor --collect=dependabot-only example/example
!!! tip
`--collect=...` only controls input collection from repository input
sources. In other words, `zizmor --collect=actions-only workflow.yml`
sources. In other words, `zizmor --collect=actions workflow.yml`
*will* audit `workflow.yml`, since it was passed explicitly and not
collected indirectly.
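Review bot: this tip still says `--collect=...` only controls collection from "repository input sources", while the earlier hunk changed the corresponding prose to "local directories and/or remote repositories"; update the wording here to match so readers are not left wondering whether local directories are covered.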
@ -398,6 +410,7 @@ annotations.
| ---- | ------- |
| 0 | Successful audit; no findings to report (or SARIF mode enabled). |
| 1 | Error during audit; consult output. |
| 2 | Argument parsing failure; consult output. |
| 11 | One or more findings found; highest finding is "informational" level. |
| 12 | One or more findings found; highest finding is "low" level. |
| 13 | One or more findings found; highest finding is "medium" level. |
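Review bot: the new exit code `2` ("Argument parsing failure") is a user-visible interface change, since a script that previously treated any non-zero, non-1x exit as a generic audit error will now see `2` for bad arguments; add a changelog entry and state whether an unknown or deprecated `--collect` value exits with `2` or is accepted with a warning, as the deprecation note earlier in the diff implies the old aliases still work.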