Security audit of templated workflows #314

@maresb

Checklist

  • I added a descriptive title
  • I searched open reports and couldn't find a duplicate

What happened?

I have zizmor GHA vuln scanning enabled on conda-lock. Not that it makes security perfect, but I use it to help enforce standards to make obvious vulnerabilities less likely.

I was getting several warnings from the current templated workflows which I fixed in conda/conda-lock#814. However, now the updates want to overwrite my changes, so I think we should consider upstreaming these changes. What do you think?

Additional Context

No response

Labels: type::bug (describes erroneous operation, use severity::* to classify the type)
