Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use zizmor to audit github actions #638

Open
notmandatory opened this issue Dec 14, 2024 · 0 comments
Open

Use zizmor to audit github actions #638

notmandatory opened this issue Dec 14, 2024 · 0 comments
Labels
CI Continuous integration pipeline related

Comments

@notmandatory
Copy link
Member

notmandatory commented Dec 14, 2024

Describe the enhancement

We should audit github actions to make sure an attacker can't publish compromised bdk-ffi binaries.

see: https://discord.com/channels/753336465005608961/754077749282471937/1317184034010435625

Use case

See documentation for zizmor.

Additional context

See: bitcoindevkit/bdk#1775.

@notmandatory notmandatory added the enhancement New feature or request label Dec 14, 2024
@notmandatory notmandatory added CI Continuous integration pipeline related and removed enhancement New feature or request labels Dec 14, 2024
@notmandatory notmandatory moved this to Todo in BDK-Bindings Dec 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CI Continuous integration pipeline related
Projects
Status: Todo
Development

No branches or pull requests

1 participant