
Use zizmor to audit github actions #638


Open
notmandatory opened this issue Dec 14, 2024 · 3 comments · May be fixed by #720
Labels
CI Continuous integration pipeline related

Comments

@notmandatory
Member

notmandatory commented Dec 14, 2024

Describe the enhancement

We should audit GitHub Actions to make sure an attacker can't publish compromised bdk-ffi binaries.

See: https://discord.com/channels/753336465005608961/754077749282471937/1317184034010435625

Use case

See documentation for zizmor.

Additional context

See: bitcoindevkit/bdk#1775.

@notmandatory notmandatory added the enhancement New feature or request label Dec 14, 2024
@notmandatory notmandatory added CI Continuous integration pipeline related and removed enhancement New feature or request labels Dec 14, 2024
@notmandatory notmandatory moved this to Todo in BDK-Bindings Dec 14, 2024
@aagbotemi

Hello @notmandatory, what's the progress status on the issue? I would like to work on it.

@thunderbiscuit
Member

Feel free to pick it up @aagbotemi!

@aagbotemi

Alright.

@aagbotemi aagbotemi linked a pull request Apr 2, 2025 that will close this issue
3 tasks

3 participants