From 2e7c6624555f8029b97bafdd3274eb7b52351cfa Mon Sep 17 00:00:00 2001
From: Gabriel Bianconi
Date: Fri, 1 May 2026 10:30:49 -0400
Subject: [PATCH 1/3] Add reusable security workflow

---
 .github/workflows/security.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index f4a424e..e3c6534 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -38,8 +38,8 @@ jobs:
 with:
 persona: pedantic

- security:
- name: security
+ summary:
+ name: summary
 permissions: {}
 if: always()
 needs:

From e72c0e5c66b38da351b29c1c74ef218451d2ae8a Mon Sep 17 00:00:00 2001
From: Gabriel Bianconi
Date: Fri, 1 May 2026 10:34:16 -0400
Subject: [PATCH 2/3] Add reusable security workflow

---
 .github/workflows/checks.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index e157bed..dd4878a 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -1,4 +1,4 @@
-name: checks
+name: security

 on:
 pull_request:
@@ -14,7 +14,7 @@ permissions:
 contents: read

 jobs:
- security:
+ required:
 uses: ./.github/workflows/security.yml
 permissions:
 contents: read

From 4973f33fd964fdf5d2306fb60f27a4d3cd262dff Mon Sep 17 00:00:00 2001
From: Gabriel Bianconi
Date: Fri, 1 May 2026 12:20:25 -0400
Subject: [PATCH 3/3] Fix

---
 .github/workflows/security.yml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index e3c6534..c48c0c6 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -34,9 +34,20 @@ jobs:
 with:
 persist-credentials: false

- - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+ - name: Write zizmor config
+ run: |
+ cat > ./zizmor.yml <<'EOF'
+ rules:
+ dependabot-cooldown:
+ config:
+ days: 3
+ EOF
+
+ - name: Run zizmor
+ uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
 with:
 persona: pedantic
+ config: ./zizmor.yml

 summary:
 name: summary
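Review bot: The `Write zizmor config` step writes `./zizmor.yml` into the checked-out tree with `cat >`, so a repository that already has a `zizmor.yml` at its root gets it silently replaced for the run, and `config: ./zizmor.yml` presumably makes the generated file the only configuration the audit reads. For a workflow that gates pull requests this is a sensible property, since a PR cannot relax the rules by editing the config, but nothing in the file says it is deliberate. A comment above the step would record it, for example `# Fixed config on purpose: replaces any zizmor.yml in the checkout so a PR cannot weaken the audit`. The `days: 3` value looks like a relaxation of the `dependabot-cooldown` threshold (worth confirming against the rule's default), and the commit message ("Fix") gives no reason, so a one-line rationale inside the heredoc such as `# 3-day cooldown accepted because <reason>` would help the next reviewer. The job these steps belong to starts above the hunk.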