{"id":28047785,"url":"https://github.com/zizmorcore/zizmor","last_synced_at":"2026-01-16T22:50:25.116Z","repository":{"id":259762955,"uuid":"844670429","full_name":"zizmorcore/zizmor","owner":"zizmorcore","description":"Static analysis for GitHub Actions","archived":false,"fork":false,"pushed_at":"2025-05-10T00:20:06.000Z","size":2060,"stargazers_count":2453,"open_issues_count":61,"forks_count":67,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-05-10T01:20:22.424Z","etag":null,"topics":["github-actions","security","security-tools","static-analysis"],"latest_commit_sha":null,"homepage":"http://docs.zizmor.sh/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zizmorcore.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"woodruffw","thanks_dev":"u/gh/woodruffw"}},"created_at":"2024-08-19T18:26:28.000Z","updated_at":"2025-05-10T00:42:43.000Z","dependencies_parsed_at":"2024-10-27T22:31:19.349Z","dependency_job_id":"a14b5e65-9b35-4413-82d6-73d448acc350","html_url":"https://github.com/zizmorcore/zizmor","commit_stats":{"total_commits":305,"total_committers":22,"mean_commits":"13.863636363636363","dds":"0.22295081967213115","last_synced_commit":"bb463f779ff5ab7dcc6e71df33d639241fa8fca8"},"previous_names":["woodruffw/zizmor","zizmorcore/zizmor"],"tags_count":37,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zizmorcore%2Fzizmor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zizmorcore","download_url":"https://codeload.github.com/zizmorcore/zizmor/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253633114,"owners_count":21939389,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","security","security-tools","static-analysis"],"created_at":"2025-05-11T21:01:58.349Z","updated_at":"2026-01-16T22:50:25.111Z","avatar_url":"https://github.com/zizmorcore.png","language":"Rust","funding_links":["https://github.com/sponsors/woodruffw","https://thanks.dev/u/gh/woodruffw","https://ko-fi.com/woodruffw"],"categories":["Rust","Build techniques","Development tools","security-tools","Tools","Vulnerabilities and Security Advisories","security","Miscellaneous","\u003ca name=\"Rust\"\u003e\u003c/a\u003eRust","Infrastructure as Code Security"],"sub_categories":["Supply chain beyond libraries","Static analysis","Defense Evasion","Git","ArgoCD","Language Specific"],"readme":"# 🌈 zizmor\n\n[![zizmor](https://img.shields.io/badge/%F0%9F%8C%88-zizmor-white?labelColor=white)](https://zizmor.sh/)\n[![CI](https://github.com/zizmorcore/zizmor/actions/workflows/ci.yml/badge.svg)](https://github.com/zizmorcore/zizmor/actions/workflows/ci.yml)\n[![Crates.io](https://img.shields.io/crates/v/zizmor)](https://crates.io/crates/zizmor)\n[![Packaging status](https://repology.org/badge/tiny-repos/zizmor.svg)](https://repology.org/project/zizmor/versions)\n[![GitHub Sponsors](https://img.shields.io/github/sponsors/woodruffw?style=flat\u0026logo=githubsponsors\u0026labelColor=white\u0026color=white)](https://github.com/sponsors/woodruffw)\n[![Discord](https://img.shields.io/badge/Discord-%235865F2.svg?logo=discord\u0026logoColor=white)](https://discord.com/invite/PGU3zGZuGG)\n\n`zizmor` is a static analysis tool for GitHub Actions.\n\nIt can find many common security issues in typical GitHub Actions CI/CD setups,\nincluding:\n\n* Template injection vulnerabilities, leading to attacker-controlled code execution\n* Accidental credential persistence and leakage\n* Excessive permission scopes and credential grants to runners\n* Impostor commits and confusable `git` references\n* ...[and much more]!\n\n[and much more]: https://docs.zizmor.sh/audits/\n\n![zizmor demo](https://zizmor.sh/assets/zizmor-demo.gif)\n\nSee [`zizmor`'s documentation](https://docs.zizmor.sh/)\nfor [installation steps], as well as a [quickstart] and\n[detailed usage recipes].\n\n[please file them]: https://github.com/zizmorcore/zizmor/issues/new?assignees=\u0026labels=bug%2Ctriage\u0026projects=\u0026template=bug-report.yml\u0026title=%5BBUG%5D%3A+\n\n[installation steps]: https://docs.zizmor.sh/installation/\n\n[quickstart]: https://docs.zizmor.sh/quickstart/\n\n[detailed usage recipes]: https://docs.zizmor.sh/usage/\n\n## License\n\n`zizmor` is licensed under the [MIT License](./LICENSE).\n\n## Contributing\n\nSee [our contributing guide!](./CONTRIBUTING.md)\n\n## The name?\n\n*[Now you can have beautiful clean workflows!]*\n\n[Now you can have beautiful clean workflows!]: https://www.youtube.com/watch?v=ol7rxFCvpy8\n\n## Sponsors\n\n`zizmor`'s development is supported by these amazing sponsors!\n\n\u003c!-- @@begin-sponsors@@ --\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ccaption\u003eLogo-level sponsors\u003c/caption\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"15%\"\u003e\n\u003ca href=\"https://grafana.com/\"\u003e\n\u003cimg src=\"https://avatars.githubusercontent.com/u/7195757?s=100\u0026v=4\" width=\"100px\"\u003e\n\u003cbr\u003e\nGrafana Labs\n\u003c/a\u003e\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"15%\"\u003e\n\u003ca href=\"https://trailofbits.com/\"\u003e\n\u003cimg src=\"https://avatars.githubusercontent.com/u/2314423?s=100\u0026v=4\" width=\"100px\"\u003e\n\u003cbr\u003e\nTrail of Bits\n\u003c/a\u003e\n\u003c/td\u003e\n\u003ctd align=\"center\" valign=\"top\" width=\"15%\"\u003e\n\u003ca href=\"https://www.shipfox.io\"\u003e\n\u003cimg src=\"https://avatars.githubusercontent.com/u/163036520?s=100\u0026v=4\" width=\"100px\"\u003e\n\u003cbr\u003e\nShipfox\n\u003c/a\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003chr align=\"center\"\u003e\n\u003ctable width=\"100%\"\u003e\n\u003ccaption\u003eName-level sponsors\u003c/caption\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" valign=\"top\"\u003e\n\u003ca href=\"https://github.com/ariccio\"\u003e\nAlexander Riccio\n\u003c/a\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\u003c!-- @@end-sponsors@@ --\u003e\n\nWant to see your name or logo above? Consider becoming a sponsor\nthrough one of the following:\n\n- [GitHub Sponsors](https://github.com/sponsors/woodruffw) (preferred)\n- [thanks.dev](https://thanks.dev/u/gh/woodruffw)\n- [ko-fi](https://ko-fi.com/woodruffw)\n\n## Star History\n\n\u003ca href=\"https://star-history.com/#zizmorcore/zizmor\u0026Date\"\u003e\n \u003cpicture\u003e\n   \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://api.star-history.com/svg?repos=zizmorcore/zizmor\u0026type=Date\u0026theme=dark\" /\u003e\n   \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://api.star-history.com/svg?repos=zizmorcore/zizmor\u0026type=Date\" /\u003e\n   \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=zizmorcore/zizmor\u0026type=Date\" /\u003e\n \u003c/picture\u003e\n\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzizmorcore%2Fzizmor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzizmorcore%2Fzizmor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzizmorcore%2Fzizmor/lists"}