35 releases (14 stable)

Uses new Rust 2024

new 1.5.2 Mar 23, 2025
1.4.1 Feb 25, 2025
0.10.0 Dec 19, 2024
0.6.0 Nov 26, 2024

#6 in Command line utilities

Download history 1262/week @ 2024-12-07 1087/week @ 2024-12-14 435/week @ 2024-12-21 778/week @ 2024-12-28 953/week @ 2025-01-04 1434/week @ 2025-01-11 1790/week @ 2025-01-18 1530/week @ 2025-01-25 1360/week @ 2025-02-01 1492/week @ 2025-02-08 2109/week @ 2025-02-15 2061/week @ 2025-02-22 1384/week @ 2025-03-01 1678/week @ 2025-03-08 1268/week @ 2025-03-15 1633/week @ 2025-03-22

6,178 downloads per month

MIT license

315KB
7K SLoC

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!


Astral

Star History

Star History Chart

Dependencies

~41–57MB
~1M SLoC