Static analysis for GitHub Actions http://docs.zizmor.sh/
William Woodruff 658b559b3d
genesis
Signed-off-by: William Woodruff <william@yossarian.net>
2024-08-19 14:26:47 -04:00
src genesis 2024-08-19 14:26:47 -04:00
.gitignore genesis 2024-08-19 14:26:47 -04:00
Cargo.lock genesis 2024-08-19 14:26:47 -04:00
Cargo.toml genesis 2024-08-19 14:26:47 -04:00
README.md genesis 2024-08-19 14:26:47 -04:00

zizmor

A tool for finding security issues in GitHub Actions CI/CD setups.

At the moment, zizmor only supports workflow definitions, and only detects a small subset of known issues. See the Roadmap for details on our plans.

Usage

cargo build
./target/debug/zizmor --help

Roadmap

  • Auditing of action definitions (i.e. action.yml)
  • Accidental credential persistence
  • Insecure/fundamentally dangerous workflow triggers
    • pull_request_target
  • Insecure/excessive permissions

The name?

Now you can have beautiful clean workflows!