#48 adds a zizmor workflow, which posts results to GitHub's Code Scanning page. While this is the recommended usage of the zizmor action, it does not block PRs which introduce issues flagged by zizmor.
The recommended solution is to configure a ruleset to prevent PRs from merging until all code scanning alerts are resolved.
See https://github.com/zizmorcore/zizmor-action#changes-introduce-security-alerts-but-no-pr-checks-are-shown
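
For reference, a sketch of such a ruleset as a request body for GitHub's `POST /repos/{owner}/{repo}/rulesets` REST endpoint. This is an added example, not part of the original issue or of the zizmor project. The ruleset name, the default-branch target, the tool name `zizmor` (it must match the tool name shown on the repository's code scanning alerts), and both thresholds set to `all` are assumptions to adjust.

```json
{
  "name": "example-block-on-zizmor-alerts",
  "target": "branch",
  "enforcement": "active",
  "conditions": {
    "ref_name": {
      "include": ["~DEFAULT_BRANCH"],
      "exclude": []
    }
  },
  "rules": [
    {
      "type": "code_scanning",
      "parameters": {
        "code_scanning_tools": [
          {
            "tool": "zizmor",
            "security_alerts_threshold": "all",
            "alerts_threshold": "all"
          }
        ]
      }
    }
  ]
}
```

Setting `enforcement` to `evaluate` instead of `active`, where the plan supports it, reports which PRs would have been blocked without enforcing the rule.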