35 releases (14 stable)

Uses new Rust 2024

1.5.2 Mar 23, 2025
1.4.1 Feb 25, 2025
0.10.0 Dec 19, 2024
0.6.0 Nov 26, 2024

#6 in Command line utilities

Download history 701/week @ 2024-12-27 984/week @ 2025-01-03 1345/week @ 2025-01-10 1830/week @ 2025-01-17 1443/week @ 2025-01-24 1478/week @ 2025-01-31 1389/week @ 2025-02-07 2195/week @ 2025-02-14 2016/week @ 2025-02-21 1429/week @ 2025-02-28 1694/week @ 2025-03-07 1253/week @ 2025-03-14 1868/week @ 2025-03-21 2358/week @ 2025-03-28 1651/week @ 2025-04-04 1821/week @ 2025-04-11

7,869 downloads per month

MIT license

315KB
7K SLoC

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!


Astral

Star History

Star History Chart

Dependencies

~43–59MB
~1M SLoC