Commit graph

779 commits

Author SHA1 Message Date
William Woodruff
3fcaef981f
WIP towards template injection (#5) 2024-08-27 22:00:52 -04:00
William Woodruff
31093d0a72
locate: handle non-job keys properly
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-26 18:50:46 -04:00
William Woodruff
b4405a7a32
Use tree-sitter to concretize locations (#4) 2024-08-26 18:07:14 -04:00
William Woodruff
b517d6c1d4
Workflow: keep the raw workflow around
...this will be useful when building
accurate spans.

Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 17:28:37 -04:00
William Woodruff
e8bec7e74a
fix ref_confusion, improve findings APIs
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 16:02:07 -04:00
William Woodruff
15c6683e43
clippy fixes
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 14:19:41 -04:00
William Woodruff
005d8d99e8
better abstractions, finish ref_confusion
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 14:19:15 -04:00
William Woodruff
744d70645f
WIP ref_confusion audit
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 11:19:16 -04:00
William Woodruff
b65d897538
location annotations
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-23 10:54:20 -04:00
William Woodruff
44d18f2c39
clippy fixes
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-22 17:35:57 -04:00
William Woodruff
7a6ddfd304
add use_trusted_publishing audit
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-22 17:35:18 -04:00
William Woodruff
72187f3c70
audit abstraction 2024-08-21 23:29:54 -04:00
William Woodruff
2314b08762
expel async from the codebase 2024-08-21 23:19:01 -04:00
William Woodruff
3f974faf91
main: cleanup imports 2024-08-21 21:44:57 -04:00
William Woodruff
2113451266
remove old imports 2024-08-21 21:35:04 -04:00
William Woodruff
85eb24f1aa
Refactor location handling (#2) 2024-08-21 21:33:49 -04:00
William Woodruff
9d19329b6a
mess around with types
Restructure Finding to be a little more reasonable.

Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-20 16:13:34 -04:00
William Woodruff
083ce995c4
finding: add Informational Severity
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-20 11:01:03 -04:00
William Woodruff
a066569058
audit: debugging 2024-08-19 23:31:21 -04:00
William Woodruff
7638411d3f
more trait work, rearchitecting 2024-08-19 23:22:21 -04:00
William Woodruff
52d8499ba2
audit: begin working on an audit abstraction
The rough idea here is to copy `rustc_lint::LintStore`'s
design, for better or worse.
2024-08-19 22:56:17 -04:00
William Woodruff
6f4cb10301
docs, variable cleanup 2024-08-19 22:02:01 -04:00
William Woodruff
7e59e0333b
WIP impostor commit checking
async poisons everything

Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 19:04:29 -04:00
William Woodruff
e7580168c0
add --pedantic mode
By default, we'll now ignore things
like explicit `persist-credentials: true`,
since they suggest that the user knows what they're
doing. However, in pedantic mode, these will still be flagged.

Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 15:53:54 -04:00
William Woodruff
44e6dee80b
add a pull_request_target audit
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 15:37:49 -04:00
William Woodruff
8dc450b39b
emit findings when there are no uploads as well
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 15:13:33 -04:00
William Woodruff
db930793e1
logging, handle directories
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 14:44:38 -04:00
William Woodruff
d3811827e3
README: move roadmap to issue
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 14:28:38 -04:00
William Woodruff
658b559b3d
genesis
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 14:26:47 -04:00