mirrors/zizmor
1
0
Fork 0
mirror of https://github.com/zizmorcore/zizmor.git synced 2025-12-23 08:47:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zizmor/README.md
William Woodruff 44a27e2435
feat: LSP skeleton code from #607 (#984)
2025-06-30 14:53:25 -04:00

3.6 KiB
Raw Permalink Blame History

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors Discord

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!

Logo-level sponsors

Astral
Grafana Labs
Trail of Bits
Name-level sponsors
Tenki Cloud

Is your name missing above? Consider becoming one of our sponsors through one of the following:

Star History

Star History Chart