Avatar for the dchud user
dchud
mrrc
BlogDocsChangelog

Performance History

Latest Results

ci: harden workflows and add zizmor security scan (#412) Pin all third-party actions to commit SHAs, add persist-credentials: false to every checkout, scope docs.yml Pages permissions to the deploy job, and disable the release-test uv cache (cache-poisoning fix). Add a zizmor job to the lint workflow (offline, no path filter so it stays a reliable required check) plus .github/zizmor.yml, which allows ref pins for dtolnay/rust-toolchain and taiki-e/install-action (whose ref selects the toolchain/tool) and requires SHA pins everywhere else. Record the publish gate and this hardening under CHANGELOG [Unreleased] Security. Resolves bd-7nhc; closes bd-uqiq (sha_pinning_required) as superseded by the zizmor CI check.
main
7 days ago
chore(beads): close bd-ky8t (PyPI publish approval gate)
ci/pypi-publish-approval-gate
7 days ago
chore(beads): close bd-ky8t (PyPI publish approval gate)
ci/pypi-publish-approval-gate
7 days ago

Latest Branches

CodSpeed Performance Gauge
0%
Harden CI/release workflows and add a zizmor security check#412
7 days ago
5e6dbbe
ci/workflow-hardening
CodSpeed Performance Gauge
0%
7 days ago
b11f355
ci/pypi-publish-approval-gate
CodSpeed Performance Gauge
0%
12 days ago
1e844bf
chore/crossbeam-epoch-security-advisory
© 2026 CodSpeed Technology
Home Terms Privacy Docs