Skip to content

Harden GitHub Actions workflows across usegalaxy-eu repos #1051

Description

@arash77

Goal

Apply zizmor security best practices to GitHub Actions workflows across all usegalaxy-eu repositories.

Security Improvements

  • Add persist-credentials: false to checkout steps
  • Fix template injection vulnerabilities
  • Add permissions: {} for least-privilege access
  • Add zizmor CI workflow for ongoing security scanning
  • Add dependabot for GitHub Actions updates

Progress

Completed

Pending

  • Infrastructure repositories
  • Other tool repositories
  • Documentation repositories

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions