mirror of
https://github.com/astral-sh/ruff
synced 2026-01-20 21:10:48 -05:00
20 lines
610 B
YAML
20 lines
610 B
YAML
# Configuration for the zizmor static analysis tool, run via pre-commit in CI
|
|
# https://woodruffw.github.io/zizmor/configuration/
|
|
#
|
|
# TODO: can we remove the ignores here so that our workflows are more secure?
|
|
rules:
|
|
dangerous-triggers:
|
|
ignore:
|
|
- pr-comment.yaml
|
|
cache-poisoning:
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
excessive-permissions:
|
|
# it's hard to test what the impact of removing these ignores would be
|
|
# without actually running the release workflow...
|
|
ignore:
|
|
- build-docker.yml
|
|
- publish-playground.yml
|
|
- publish-docs.yml
|