Configuration🔗
Note
Configuration support was added in v0.2.0.
zizmor supports a small amount of configuration via YAML config files,
typically named zizmor.yml.
Precedence🔗
Note
Configuration is always optional, and can always be disabled with
--no-config. If --no-config is passed, no configuration is ever loaded.
zizmor will discover and load
configuration files in the following order of precedence:
- Passed explicitly via
--config, e.g.--config my-config.yml. When passed explicitly, the config file does not need to be namedzizmor.yml. ${CWD}/.github/zizmor.yml${CWD}/zizmor.yml
For the last two discovery methods, ${CWD} is the current working directory,
i.e. the directory that zizmor was executed from.
Only one configuration file is ever loaded. In other words: if both
${CWD}/.github/zizmor.yml and ${CWD}/zizmor.yml exist, only the former
will be loaded, per the precedence rules above.
Settings🔗
rules🔗
rules.<id>🔗
rules.<id>.ignore🔗
Type: array
Per-audit ignore rules, where id is the audit's name, e.g.
template-injection.
Each member of rules.<id>.ignore is a workflow rule, formatted as follows:
where filename.yml is the base filename of the workflow, and line and
column are both optional 1-based values indicating the exact line-and-column
location to ignore. If one or both are absent, then the rule applies to the
entire file or entire line.
By example, here is a configuration file with two different audit ignore rule groups: