mirror of https://github.com/zizmorcore/zizmor.git synced 2025-12-23 08:47:33 +00:00

Static analysis for GitHub Actions http://docs.zizmor.sh/

Find a file

William Woodruff 8bea509234 chore(deps): `cargo autoinherit` (#826 )		2025-05-19 20:19:08 +00:00
.github	refactor: bring yamlpath into repo (#825 )	2025-05-19 16:09:54 -04:00
crates	chore(deps): `cargo autoinherit` (#826 )	2025-05-19 20:19:08 +00:00
docs	chore(docs): bump trophies (#821 )	2025-05-19 04:37:22 +00:00
.gitignore	feat: unsecure-commands-allowed audit (#176 )	2024-11-19 21:11:10 +00:00
Cargo.lock	refactor: bring yamlpath into repo (#825 )	2025-05-19 16:09:54 -04:00
Cargo.toml	chore(deps): `cargo autoinherit` (#826 )	2025-05-19 20:19:08 +00:00
CONTRIBUTING.md	chore(docs): the great @zizmorcore renaming (#776 )	2025-05-09 20:08:45 -04:00
Dockerfile	ci: convert Dockerfile to Wolfi (#667 )	2025-04-14 19:09:48 +00:00
LICENSE	chore: add LICENSE	2024-10-27 12:42:49 -04:00
Makefile	chore: add pinact, apply pinact (#817 )	2025-05-18 19:11:03 -04:00
mkdocs.yml	docs: add some hash-pinning tool recommendations (#788 )	2025-05-12 20:21:11 +00:00
pyproject.toml	docs: try to fix the site (#466 )	2025-01-18 15:37:15 -05:00
README.md	chore(docs): the great @zizmorcore renaming (#776 )	2025-05-09 20:08:45 -04:00
uv.lock	docs: try to fix the site (#466 )	2025-01-18 15:37:15 -05:00

🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

Template injection vulnerabilities, leading to attacker-controlled code execution
Accidental credential persistence and leakage
Excessive permission scopes and credential grants to runners
Impostor commits and confusable git references
...and much more!