https://github.com/woodruffw/zizmor
A static analysis tool for GitHub Actions
https://github.com/woodruffw/zizmor
github-actions security security-tools static-analysis
Last synced: 10 days ago
JSON representation
A static analysis tool for GitHub Actions
- Host: GitHub
- URL: https://github.com/woodruffw/zizmor
- Owner: woodruffw
- License: mit
- Created: 2024-08-19T18:26:28.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-04-22T16:04:26.000Z (11 days ago)
- Last Synced: 2025-04-23T17:19:27.355Z (10 days ago)
- Topics: github-actions, security, security-tools, static-analysis
- Language: Rust
- Homepage: https://woodruffw.github.io/zizmor/
- Size: 1.65 MB
- Stars: 2,277
- Watchers: 8
- Forks: 62
- Open Issues: 51
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-github-repos - woodruffw/zizmor - A static analysis tool for GitHub Actions (Rust)
README
# 🌈 zizmor
[](https://github.com/woodruffw/zizmor/actions/workflows/ci.yml)
[](https://crates.io/crates/zizmor)
[](https://repology.org/project/zizmor/versions)
[](https://github.com/sponsors/woodruffw)`zizmor` is a static analysis tool for GitHub Actions.
It can find many common security issues in typical GitHub Actions CI/CD setups,
including:* Template injection vulnerabilities, leading to attacker-controlled code execution
* Accidental credential persistence and leakage
* Excessive permission scopes and credential grants to runners
* Impostor commits and confusable `git` references
* ...[and much more]![and much more]: https://woodruffw.github.io/zizmor/audits/

See [`zizmor`'s documentation](https://woodruffw.github.io/zizmor/)
for [installation steps], as well as a [quickstart] and
[detailed usage recipes].[please file them]: https://github.com/woodruffw/zizmor/issues/new?assignees=&labels=bug%2Ctriage&projects=&template=bug-report.yml&title=%5BBUG%5D%3A+
[installation steps]: https://woodruffw.github.io/zizmor/installation/
[quickstart]: https://woodruffw.github.io/zizmor/quickstart/
[detailed usage recipes]: https://woodruffw.github.io/zizmor/usage/
## License
`zizmor` is licensed under the [MIT License](./LICENSE).
## Contributing
See [our contributing guide!](./CONTRIBUTING.md)
## The name?
*[Now you can have beautiful clean workflows!]*
[Now you can have beautiful clean workflows!]: https://www.youtube.com/watch?v=ol7rxFCvpy8
## Sponsors 💖
`zizmor`'s development is supported by these amazing sponsors!
## Star History