Skip to content

oxc-project/security-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 
action.yml
action.yml
 
 
deny.toml
deny.toml
 
 
zizmor.yml
zizmor.yml
 
 

Repository files navigation

security-action

Run security checks against the current repository. The current check set includes zizmor for GitHub Actions workflows and conditional cargo-deny checks when Cargo.lock exists and has changed.

Usage

This action checks out the repository internally and runs the configured security checks. Today, that includes zizmor --config "${{ github.action_path }}/zizmor.yml" --strict-collection --show-audit-urls=always --min-severity=medium ., so the job fails on collection errors and on medium-severity or higher findings.

If the checked-out repository has Cargo.lock and the current pull request or push diff changes it, the action also installs cargo-deny and runs cargo deny check --config "${{ github.action_path }}/deny.toml".

Configuration

The zizmor check passes its bundled config file at ${{ github.action_path }}/zizmor.yml to zizmor. The current shared config includes:

rules:
  secrets-outside-env:
    config:
      allow:
        - APP_ID
        - APP_PRIVATE_KEY

The cargo-deny check passes its bundled config file at ${{ github.action_path }}/deny.toml to cargo-deny.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 10

v1.0.5 Latest
May 7, 2026
+ 9 releases

Packages

 
 
 

Contributors