zizmor
| Crates.io | zizmor |
| lib.rs | zizmor |
| version | 1.13.0 |
| created_at | 2024-10-27 19:43:08.182938+00 |
| updated_at | 2025-09-12 23:31:04.135418+00 |
| description | Static analysis for GitHub Actions |
| homepage | https://docs.zizmor.sh |
| repository | https://github.com/zizmorcore/zizmor |
| max_upload_size | |
| id | 1424909 |
| size | 1,359,147 |
William Woodruff (woodruffw)
documentation
https://docs.zizmor.sh
README
🌈 zizmor
zizmor is a static analysis tool for GitHub Actions.
It can find many common security issues in typical GitHub Actions CI/CD setups, including:
- Template injection vulnerabilities, leading to attacker-controlled code execution
- Accidental credential persistence and leakage
- Excessive permission scopes and credential grants to runners
- Impostor commits and confusable
gitreferences - ...and much more!
See zizmor's documentation
for installation steps, as well as a quickstart and
detailed usage recipes.
License
zizmor is licensed under the MIT License.
Contributing
The name?
Now you can have beautiful clean workflows!
Sponsors 💖
zizmor's development is supported by these amazing sponsors!
Grafana Labs |
Trail of Bits |
| Tenki Cloud | Alexander Riccio |
Want to see your name or logo above? Consider becoming a sponsor through one of the following:
- GitHub Sponsors (preferred)
- thanks.dev
- ko-fi