Commit graph

88 commits

Author SHA1 Message Date
William Woodruff
3b1951b71e
feat: add --show-audit-urls=... for controlling URL rendering (#1391) 2025-11-29 20:05:00 -05:00
William Woodruff
91efe72309
docs: add a troubleshooting section on YAML anchors (#1309) 2025-11-01 20:30:46 -04:00
William Woodruff
e202bd4ea2
feat: yamlpath: anchor support (#1266)
2025-10-20 21:30:23 -04:00
Chase Naples
eeac63b339
Fix exit code to return 0 when all findings are auto-fixable (#1242)
Co-authored-by: William Woodruff <william@yossarian.net>
2025-10-14 20:57:34 -04:00
William Woodruff
d9c2d957d6
feat: stabilize the auto-fix mode (#1232) 2025-10-13 17:35:23 -04:00
William Woodruff
d4c5a62cfb
feat: refactor --collect (#1228)
2025-10-12 00:41:32 -04:00
William Woodruff
62655cb7c1
feat: dependabot-execution audit (#1220) 2025-10-07 18:24:48 -04:00
William Woodruff
d806ef6560
feat: remove unknown severity and confidence (#1164)
2025-09-17 22:30:37 -04:00
William Woodruff
eaa30b07c0
fix(docs): fix missing link to GitHub docs (#1155)
2025-09-15 00:03:43 +00:00
William Woodruff
d75933e72d
feat: load separate configs for input groups (#1094)
2025-08-27 23:39:13 -04:00
Narsimham Chelluri
803728e8d7
Document that json-v1 uses 0-based line numbers (#1105)
2025-08-20 14:18:35 +00:00
William Woodruff
44a27e2435
feat: LSP skeleton code from #607 (#984) 2025-06-30 14:53:25 -04:00
William Woodruff
39f229f7c5
chore: prep for release v1.10.0 (#977) 2025-06-26 18:28:57 +00:00
William Woodruff
e69f17cfdd
refactor: prepare fix mode for a public experimental release (#975) 2025-06-26 12:10:08 -06:00
Max Marrone
8bc8e9082b
Unfix accidentally-fixed ref-pinning example. (#948) 2025-06-16 18:18:18 -04:00
William Woodruff
d9fc0e1a23
chore(ci): address pedantic zizmor findings (#943) 2025-06-13 20:36:09 -04:00
William Woodruff
0a7c6c89b7
chore(docs): tweak chip rendering (#908) 2025-06-06 23:33:11 -04:00
William Woodruff
73dfa03a41
docs: mention zizmorcore/zizmor-action (#895) 2025-06-05 04:05:21 +00:00
William Woodruff
5fbfaebd18
chore: prep for 1.9.0 release (#877) 2025-05-30 17:28:21 -04:00
William Woodruff
5b8ff92b80
docs: cleanup permissions information (#862) 2025-05-27 13:54:51 -04:00
Natalie Somersall
c9983513df
Update usage directions to explicitly state permissions needed (#856) 2025-05-25 17:53:31 -04:00
dublinsubway
2a5d53004f
Swap colon to dot (#851) 2025-05-25 14:53:18 +00:00
William Woodruff
4021d88eab
chore: prep for release v1.8.0 (#835) 2025-05-20 20:00:26 +00:00
William Woodruff
b4f1ee75d9
chore(docs): use json-v1 for JSON example (#820) 2025-05-19 03:42:04 +00:00
William Woodruff
a851cc907c
chore: add pinact, apply pinact (#817) 2025-05-18 19:11:03 -04:00
William Woodruff
1e123cfbe5
feat: add ZIZMOR_CONFIG (#789) 2025-05-12 16:33:16 -04:00
William Woodruff
71017267de
chore(docs): constrain permissions in workflow example (#781) 2025-05-11 02:24:57 -04:00
William Woodruff
b2804996c0
chore(docs): the great @zizmorcore renaming (#776) 2025-05-09 20:08:45 -04:00
William Woodruff
4431412276
chore(docs): change URL (#770) 2025-05-09 05:03:14 +00:00
William Woodruff
beba48976c
chore: prep for v1.7.0 release (#768) 2025-05-08 22:50:51 -04:00
William Woodruff
a284f5866f
feat: tab completion (#765) 2025-05-08 16:40:01 -04:00
William Woodruff
fb8e3f63f3
refactor: begin splitting out syntax/sema error handling (#734) 2025-05-03 04:22:35 +00:00
William Woodruff
fd8bd06b2c
chore(docs): hash-pin setup-uv in usage.md (#705) 2025-04-28 21:25:57 +00:00
William Woodruff
fb8520bdd5
chore: prep for release 1.6.0 (#681) 2025-04-19 22:13:28 -04:00
William Woodruff
5ebba3e220
feat: add JSON format versioning (#657)
* feat: add JSON format versioning

* docs: bump snippets, add PR
2025-04-07 20:18:50 -04:00
William Woodruff
f823fcedfc
usage: note when --format=github is available (#656) 2025-04-07 23:54:32 +00:00
William Woodruff
4d5c79a582
cli: add a "GitHub" output format (#634)
* cli: add a "GitHub" output format

Closes #633.

Signed-off-by: William Woodruff <william@yossarian.net>

* try using SARIF path

Signed-off-by: William Woodruff <william@yossarian.net>

* fix lines

Signed-off-by: William Woodruff <william@yossarian.net>

* fmt

Signed-off-by: William Woodruff <william@yossarian.net>

* add --no-exit-codes

Signed-off-by: William Woodruff <william@yossarian.net>

* bump help snippet

Signed-off-by: William Woodruff <william@yossarian.net>

* bump snippet

Signed-off-by: William Woodruff <william@yossarian.net>

* integration test for github output

Signed-off-by: William Woodruff <william@yossarian.net>

* github: output tweaks

* update snapshot

* test-output: test GitHub output on just one file

* remove columns

* bump snapshot

* try something else

Signed-off-by: William Woodruff <william@yossarian.net>

* fixup snapshot

Signed-off-by: William Woodruff <william@yossarian.net>

* one last hack

Signed-off-by: William Woodruff <william@yossarian.net>

* add primary annotation to message

Signed-off-by: William Woodruff <william@yossarian.net>

* usage: document --format=github, add integration docs

Signed-off-by: William Woodruff <william@yossarian.net>

* docs: update release notes

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2025-04-07 19:51:19 -04:00
William Woodruff
67fdebff77
docs: add a callout about SARIF exit code behavior (#630)
Signed-off-by: William Woodruff <william@yossarian.net>
2025-03-29 01:23:52 +02:00
William Woodruff
0c590a6e14
chore: prep for v1.5.2 release (#623)
Signed-off-by: William Woodruff <william@yossarian.net>
2025-03-23 14:52:59 +00:00
vivodi
28b6266951
Clearly state that actions: read is only required for private repos (#615)
* Update usage.md

* Update docs/usage.md

---------

Co-authored-by: William Woodruff <william@yossarian.net>
2025-03-18 15:59:29 +00:00
William Woodruff
39fb35cb38
docs: usage: clarify ignore comment placement (#614)
Signed-off-by: William Woodruff <william@yossarian.net>
2025-03-18 15:38:42 +00:00
William Woodruff
f1e5b96fb5
chore: prep for v1.5.1 release (#601)
Signed-off-by: William Woodruff <william@yossarian.net>
2025-03-12 11:20:41 -04:00
William Woodruff
9d14c4004e
chore: prep for release v1.5.0 (#594) 2025-03-11 00:28:12 +00:00
William Woodruff
43a1d5e7cd
feat(cli): fine-grained color control (#586)
* feat(cli): fine-grained color control

This doesn't quite work yet, since tracing_indicatif
and anstream::AutoStream don't compose cleanly.

* main: hack on color controls more

Signed-off-by: William Woodruff <william@yossarian.net>

* cli: finalize color control

* remove dbg

* make snippets

* record changes

* usage: document --color option

* tests: proper color control and progress bar tests

* ci: enable tty-tests

* docs: document TTY tests

* better unbuffer failure errors

* ci: install expect for tty-tests

* remove unused import

---------

Signed-off-by: William Woodruff <william@yossarian.net>
2025-03-09 16:16:23 -04:00
William Woodruff
f3f356c8f1
feat: respect .gitignore files when collecting inputs (#575) 2025-02-27 06:37:52 +00:00
William Woodruff
7c7e415df3
chore: prep 1.4.1 release (#568) 2025-02-25 17:42:20 +00:00
William Woodruff
ff55188bf1
chore: prep for 1.4.0 release (#565) 2025-02-25 12:18:51 -05:00
William Woodruff
315ef95a17
feat: relax ignore comment regex (#531)
* feat: relax ignore comment regex

We now allow trailing comments after the ignore rule list,
which is useful for self-documenting ignores.

Closes #513.

* docs: record changes
2025-02-11 21:11:31 -05:00
William Woodruff
7b16e64aca
chore: prep for 1.3.1 release (#523) 2025-02-09 10:47:28 -05:00
William Woodruff
e61a9d762f
chore: prep for 1.3.0 release (#500) 2025-01-28 20:13:44 -05:00