zizmor
Installation
```shell
dagger install github.com/typesafe-ai/daggerverse/zizmor@e4c42db678ad95654a3ec7d519e1d44c7cce032c
```
Entrypoint
Return Type
Zizmor !
Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| ctr | Container | null | Container with zizmor installed. Defaults to the official ghcr.io/zizmorcore/zizmor image. |
| version | String ! | "1.25.2" | zizmor image tag (only used when ctr is not provided). |
Example
```shell
dagger -m github.com/typesafe-ai/daggerverse/zizmor@e4c42db678ad95654a3ec7d519e1d44c7cce032c call \
  --version string
```
```go
func (m *MyModule) Example(version string) *dagger.Zizmor {
	return dag.
		Zizmor(version)
}
```
```python
@function
def example(version: str) -> dagger.Zizmor:
    return (
        dag.zizmor(version)
    )
```
```typescript
@func()
example(version: string): Zizmor {
  return dag
    .zizmor(version)
}
```
Types
Zizmor
Static analysis for GitHub Actions security.
ctr()
Container with zizmor installed.
Return Type
Container !
Example
```shell
dagger -m github.com/typesafe-ai/daggerverse/zizmor@e4c42db678ad95654a3ec7d519e1d44c7cce032c call \
  --version string ctr
```
```go
func (m *MyModule) Example(version string) *dagger.Container {
	return dag.
		Zizmor(version).
		Ctr()
}
```
```python
@function
def example(version: str) -> dagger.Container:
    return (
        dag.zizmor(version)
        .ctr()
    )
```
```typescript
@func()
example(version: string): Container {
  return dag
    .zizmor(version)
    .ctr()
}
```
run()
Run zizmor on GitHub Actions workflow files.
Exits non-zero if findings above the configured severity are found.
Return Type
String !
Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Directory containing GitHub Actions workflows (parent to `.github`). |
| githubToken | Secret | null | GitHub token for online audits. Without it, zizmor runs in offline mode. |
| format | String ! | "plain" | Output format: plain, json, sarif, or github. |
| persona | String ! | "regular" | Sensitivity level: regular, pedantic, or auditor. |
| minSeverity | String | null | Minimum severity to report (e.g. low, medium, high). |
| minConfidence | String | null | Minimum confidence to report (e.g. low, medium, high). |
| extraArgs | [String ! ] | null | Additional arguments to pass to zizmor. |
Example
```shell
dagger -m github.com/typesafe-ai/daggerverse/zizmor@e4c42db678ad95654a3ec7d519e1d44c7cce032c call \
  --version string run --source DIR_PATH --format string --persona string
```
```go
// Run returns (string, error) in the Go SDK; a non-zero zizmor exit surfaces as the error.
func (m *MyModule) Example(ctx context.Context, version string, source *dagger.Directory, format string, persona string) (string, error) {
	return dag.
		Zizmor(version).
		Run(ctx, source, format, persona)
}
```
```python
@function
async def example(version: str, source: dagger.Directory, format: str, persona: str) -> str:
    return await (
        dag.zizmor(version)
        .run(source, format, persona)
    )
```
```typescript
@func()
async example(version: string, source: Directory, format: string, persona: string): Promise<string> {
  return dag
    .zizmor(version)
    .run(source, format, persona)
}
```