Open
Description
Zizmor is a package that provides static analysis for GitHub Actions. Considering our broad use of GitHub Actions, it feels important that we use it. It was also recommended by Seth Larson, the PSF Security Developer-in-Residence.
I think we should initially use it on the controls and membership repos, then look into how we can integrate this with package repos.