Add zizmor (the GitHub Actions static security analyzer maintained with Trail of Bits support) as a required CI check alongside the existing AgentShield scan. While AgentShield scans agent configuration files (CLAUDE.md, hooks, MCP configs), zizmor analyzes workflow YAML for injection vulnerabilities, mutable tag references, permission issues, and supply chain risks — a complementary security layer that catches the exact vulnerability patterns behind the Clinejection attack.
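Market Signal
Trail of Bits hardened zizmor in May 2026 with full YAML anchor support, validated against 41,253 workflows from 6,612 repositories. Zizmor integrates with GitHub Advanced Security via SARIF output to the Security tab. The Wiz blog's 2026 GitHub Actions hardening guide recommends zizmor as the first line of defense for workflow security. The tool has ~24 audit rules covering:
- Template injection vulnerabilities (the exact pattern exploited in Clinejection)
- pull_request_target usage
CodeRabbit's 2026 multi-repo analysis and the academic paper "Unpacking Security Scanners for GitHub Actions Workflows" both position workflow security linting as an essential layer that complements code-level review.
User Signal
- The org's compliance-audit.sh checks for SHA pinning and workflow structure, but does NOT perform static analysis of workflow YAML for injection patterns
- The pr-auto-review workflow has a TODO comment about pagination (line 184) — a known gap in a security-sensitive workflow
- The org has 7+ required workflows across all repos, creating a wide surface area for workflow-level vulnerabilities
- check-suite-auto-trigger Compliance: check-suite-auto-trigger-347564 #374 / Compliance: check-suite-auto-trigger-1236702 #373, copilot-setup-steps-invalid-job-name Compliance: copilot-setup-steps-invalid-job-name #372) suggest workflow YAML quality issues that zizmor would catch earlier in the development cycle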
Technical Opportunity
The org already has a Tier 1 stub pattern for security workflows (agent-shield.yml). Adding a zizmor step follows the established pattern:
```yaml
# Option A: Add to existing CI pipeline
- name: Workflow Security Lint
  uses: zizmorcore/zizmor-action@v1
  with:
    sarif-upload: true

# Option B: New Tier 1 stub (preferred for separation of concerns)
jobs:
  zizmor:
    uses: petry-projects/.github/.github/workflows/zizmor-reusable.yml@v1
```
Zizmor's SARIF output integrates with the Security tab (which the org already requires via CodeQL). The zizmor-action GitHub Action makes integration a single uses: line. Run time is typically under 10 seconds (pure static analysis, no network calls).
Assessment
| Dimension | Score | Rationale |
|---|---|---|
| Feasibility | high | Mature, well-maintained tool with a GitHub Action available; follows existing Tier 1 stub pattern |
| Impact | high | Catches an entire class of vulnerabilities (workflow injection) that no other org tool covers |
| Urgency | high | The Clinejection attack pattern is actively exploited; the org's 7+ workflows are unscanned for these patterns today |
Adversarial Review
Strongest objection: Adding another CI check increases build time and could create redundant findings with the existing AgentShield scan. The org is already check-heavy with CodeQL, SonarCloud, CodeRabbit, Copilot, and AgentShield.
Rebuttal: AgentShield and zizmor scan fundamentally different targets — AgentShield scans agent configs (CLAUDE.md, hooks, MCP server definitions with 102 rules across 5 categories), while zizmor scans workflow YAML files (injection patterns, permissions, pinning with 24 rules). There is zero overlap in what they analyze. Zizmor runs in under 10 seconds (pure static analysis with no network calls) so build time impact is negligible. The Clinejection attack would have been caught by zizmor's template injection rules but NOT by AgentShield, since the vulnerability was in the workflow YAML itself, not in agent configuration.
Suggested Next Step
Add standards/workflows/zizmor.yml as a Tier 1 stub calling a new zizmor-reusable.yml, configure SARIF upload to GitHub Advanced Security, and add a compliance-audit check for zizmor workflow presence across all repos.
Proposed by BMAD Analyst (Mary) — 2026-06-05T10:43:42Z
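One way to implement the compliance-audit presence check proposed under Suggested Next Step, as an added example (not code from the post or from the org's compliance-audit.sh). It assumes each repo carries the stub at .github/workflows/zizmor.yml; the function name and result strings are hypothetical, and a call that references the reusable workflow by tag (such as @v1) is reported as a mutable reference rather than as compliant.

```shell
#!/usr/bin/env bash
# Added example, not the org's compliance-audit.sh.
# Assumptions: the stub lives at .github/workflows/zizmor.yml in each repo;
# check_zizmor_stub and its result strings are hypothetical names.

REUSABLE='petry-projects/.github/.github/workflows/zizmor-reusable.yml'

# Prints one of: missing | no-reusable-call | mutable-ref:<ref> | ok
# Returns 0 only for "ok".
check_zizmor_stub() {
  local stub="$1/.github/workflows/zizmor.yml"
  local line ref

  if [ ! -f "$stub" ]; then
    echo "missing"
    return 1
  fi

  # Only real `uses:` keys count; commented-out lines do not match.
  line=$(grep -E '^[[:space:]]*uses:' "$stub" | grep -F "${REUSABLE}@" | head -n 1)
  if [ -z "$line" ]; then
    echo "no-reusable-call"
    return 1
  fi

  # Take the ref after '@', stopping at whitespace, quotes or a comment.
  ref=$(printf '%s\n' "$line" | sed -E "s|.*zizmor-reusable\.yml@([^[:space:]'\"#]+).*|\1|")

  # A full 40-hex commit SHA is pinned; tags and branches can be moved.
  if printf '%s' "$ref" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "ok"
    return 0
  fi
  echo "mutable-ref:$ref"
  return 1
}

# Usage: ./check-zizmor-stub.sh <repo-dir>...  (prints one line per repo)
for repo in "$@"; do
  printf '%s\t%s\n' "$repo" "$(check_zizmor_stub "$repo")"
done
```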