Static analysis for GitHub Actions http://docs.zizmor.sh/
William Woodruff cc76e2b93f
chore: bump github-actions-models to 0.42.0 (#1453)
Signed-off-by: William Woodruff <william@yossarian.net>
2025-12-16 23:34:11 +00:00
.cargo ci: experiment with a binary release build (#828) 2025-05-20 14:29:51 -04:00
.github chore(deps): bump actions/checkout in the github-actions group (#1448) 2025-12-15 15:00:18 -08:00
bench bench: offline benchmarks (#1444) 2025-12-14 18:24:23 -08:00
crates chore: bump github-actions-models to 0.42.0 (#1453) 2025-12-16 23:34:11 +00:00
docs fix: add OpenTofu to Dependabot package ecosystems (#1452) 2025-12-16 18:27:24 -05:00
support feat: add an archived-uses audit (#1411) 2025-12-04 22:15:33 -05:00
.gitignore chore: switch to CodSpeed benchmarking (#1440) 2025-12-13 22:42:08 -08:00
Cargo.lock chore: bump github-actions-models to 0.42.0 (#1453) 2025-12-16 23:34:11 +00:00
Cargo.toml chore: bump github-actions-models to 0.42.0 (#1453) 2025-12-16 23:34:11 +00:00
CONTRIBUTING.md chore(docs): the great @zizmorcore renaming (#776) 2025-05-09 20:08:45 -04:00
Dockerfile ci: convert Dockerfile to Wolfi (#667) 2025-04-14 19:09:48 +00:00
LICENSE chore: add LICENSE 2024-10-27 12:42:49 -04:00
Makefile chore: switch to CodSpeed benchmarking (#1440) 2025-12-13 22:42:08 -08:00
mise.toml chore(docs): make pinact (#1103) 2025-08-21 11:07:07 -04:00
mkdocs.yml docs: add troubleshooting page (#1296) 2025-10-28 20:49:51 -04:00
pyproject.toml bench: offline benchmarks (#1444) 2025-12-14 18:24:23 -08:00
README.md chore(docs): refresh sponsor list (#1301) 2025-10-30 13:33:27 +00:00
uv.lock bench: offline benchmarks (#1444) 2025-12-14 18:24:23 -08:00

🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!

Logo-level sponsors

Grafana Labs

Trail of Bits

Shipfox

Name-level sponsors
Alexander Riccio

Want to see your name or logo above? Consider becoming a sponsor through one of the following: