Lib.rs

Command line utilities
#github-actions #static-analysis #security #cli #runner

app zizmor

Static analysis for GitHub Actions

by William Woodruff and 25 contributors

30 releases (9 stable)

1.3.1 Feb 9, 2025
0.10.0 Dec 19, 2024
0.6.0 Nov 26, 2024

#18 in Command line utilities

Download history 690/week @ 2024-10-29 764/week @ 2024-11-05 912/week @ 2024-11-12 681/week @ 2024-11-19 623/week @ 2024-11-26 938/week @ 2024-12-03 1374/week @ 2024-12-10 839/week @ 2024-12-17 401/week @ 2024-12-24 874/week @ 2024-12-31 1147/week @ 2025-01-07 1765/week @ 2025-01-14 1390/week @ 2025-01-21 1628/week @ 2025-01-28 1412/week @ 2025-02-04 1239/week @ 2025-02-11

5,985 downloads per month

MIT license

300KB
6.5K SLoC

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!


Astral

Star History

Star History Chart

Dependencies

~41–57MB
~1M SLoC