Skip to content

zizmorcore/zizmor

Repository files navigation

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors Discord

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors πŸ’–

zizmor's development is supported by these amazing sponsors!

Logo-level sponsors

Astral

Grafana Labs

Trail of Bits

Name-level sponsors
Tenki Cloud

Is your name missing above? Consider becoming one of our sponsors through one of the following:

Star History

Star History Chart