Skip to content

Issues: zizmorcore/zizmor

Beta
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

59 Open 191 Closed
59 Open 191 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Audit idea: use of github.ref and GITHUB_REF enhancement New feature or request new-audit New audits
#939 opened Jun 12, 2025 by woodruffw
Feature: use-trusted-publishing should check for disabled attestations enhancement New feature or request
#938 opened Jun 12, 2025 by woodruffw
@woodruffw
Audit idea: TOCTOU PR/branch checks enhancement New feature or request help wanted Extra attention is needed new-audit New audits
#935 opened Jun 11, 2025 by woodruffw
1
Feature: detect general correctness errors enhancement New feature or request triage Issue is being triaged
#931 opened Jun 10, 2025 by andrewbanchich
2 tasks done
1
Evaluate saphyr for YAML operations long-term refactor Refactoring tasks
#930 opened Jun 10, 2025 by woodruffw
@woodruffw
1
Feature: detect invisible unicode characters enhancement New feature or request help wanted Extra attention is needed new-audit New audits
#914 opened Jun 7, 2025 by andrewbanchich
2 tasks done
@andrewpollack
3
[META] Fix mode features meta Roadmap/meta tracking issues
#876 opened May 30, 2025 by woodruffw
2 of 11 tasks
9
[BUG] zizmor --completions <SHELL> fails if another flag is implicitly activated via the environment bug Something isn't working cli
#864 opened May 28, 2025 by woodruffw
@woodruffw
New audit: old(er) runs-on enhancement New feature or request good first issue Good for newcomers new-audit New audits
#827 opened May 19, 2025 by woodruffw
@andrewpollack
2
New audit: comments next to explicit permissions enhancement New feature or request good first issue Good for newcomers new-audit New audits
#819 opened May 18, 2025 by woodruffw
@dublinsubway
2
Feature: A way to collect workflows only in <root>/.github/workflows/ config Configuration functionality enhancement New feature or request
#784 opened May 12, 2025 by iainlane
2 tasks done
6
Feature: cache-poisoning: treat docker/build-build-action as a potential cache source enhancement New feature or request false-negative
#774 opened May 9, 2025 by woodruffw
2
Feature: Figure out how to detect immutable actions blocked
#766 opened May 8, 2025 by woodruffw
Feature: reduce GitHub REST API usage in favor of clones? performance
#764 opened May 8, 2025 by woodruffw
2
Feature: obfuscation audit should check for computed indices enhancement New feature or request
#762 opened May 7, 2025 by woodruffw 1.10.0
[BUG] False positive detection for artipacked when persist-credentials: false is properly set bug Something isn't working question Further information is requested triage Issue is being triaged
#755 opened May 7, 2025 by woodruffw
8
Feature: wrong value in ternary pattern enhancement New feature or request help wanted Extra attention is needed new-audit New audits
#746 opened May 5, 2025 by daeho-ro
2 tasks done
2
Feature: detect no-op conditions enhancement New feature or request help wanted Extra attention is needed
#742 opened May 3, 2025 by woodruffw
Feature: unpinned-images could discover docker pull ... patterns in run: clauses enhancement New feature or request
#738 opened May 2, 2025 by woodruffw
1
Feature: policies for unpinned-images enhancement New feature or request
#737 opened May 2, 2025 by woodruffw
1
[BUG]: impostor-commit audit tries lookup on wrong github instance bug Something isn't working ghes GitHub Enterprise Server issues
#735 opened May 2, 2025 by dankress
2 tasks done
4
New audit: Dependabot privilege escalation discussion enhancement New feature or request new-audit New audits
#730 opened Apr 30, 2025 by Marcono1234
4
New audit: Caching sensitive files enhancement New feature or request new-audit New audits
#723 opened Apr 30, 2025 by Marcono1234
1
Feature: Support enabling / disabling audits enhancement New feature or request
#714 opened Apr 29, 2025 by Marcono1234
2 tasks done
5
New audit: "YOLO" binaries enhancement New feature or request new-audit New audits
#711 opened Apr 29, 2025 by woodruffw
ProTip! Find all open issues with in progress development work with linked:pr.