mirror of https://github.com/zizmorcore/zizmor.git synced 2025-12-23 08:47:33 +00:00

Static analysis for GitHub Actions http://docs.zizmor.sh/

Find a file

dependabot[bot] 7e726e1eab chore(deps): bump astral-sh/setup-uv in the github-actions group (#685 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2025-04-21 13:58:53 +00:00
.github	chore(deps): bump astral-sh/setup-uv in the github-actions group (#685 )	2025-04-21 13:58:53 +00:00
docs	docs: bump trophies (#682 )	2025-04-19 22:24:40 -04:00
src	chore: bump github-actions-models to 0.28.1 (#679 )	2025-04-18 15:35:30 -04:00
tests/integration	feat: generalize RepositoryUsesPattern (#670 )	2025-04-16 23:29:26 -04:00
.gitignore	feat: unsecure-commands-allowed audit (#176 )	2024-11-19 21:11:10 +00:00
Cargo.lock	chore: prep for release 1.6.0 (#681 )	2025-04-19 22:13:28 -04:00
Cargo.toml	chore: prep for release 1.6.0 (#681 )	2025-04-19 22:13:28 -04:00
CONTRIBUTING.md	doc: mention conventional commits	2024-11-01 10:13:15 -04:00
Dockerfile	ci: convert Dockerfile to Wolfi (#667 )	2025-04-14 19:09:48 +00:00
LICENSE	chore: add LICENSE	2024-10-27 12:42:49 -04:00
Makefile	docs: try to fix the site (#466 )	2025-01-18 15:37:15 -05:00
mkdocs.yml	docs: move changelog to website (#374 )	2025-01-02 09:43:28 +00:00
pyproject.toml	docs: try to fix the site (#466 )	2025-01-18 15:37:15 -05:00
README.md	README: more details (#504 )	2025-01-30 19:09:47 +00:00
uv.lock	docs: try to fix the site (#466 )	2025-01-18 15:37:15 -05:00

🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

Template injection vulnerabilities, leading to attacker-controlled code execution
Accidental credential persistence and leakage
Excessive permission scopes and credential grants to runners
Impostor commits and confusable git references
...and much more!