Lib.rs

Command line utilities
#github-actions #static-analysis #security #cli #runner

app zizmor

Static analysis for GitHub Actions

by William Woodruff and 25 contributors

30 releases (9 stable)

1.3.1 Feb 9, 2025
0.10.0 Dec 19, 2024
0.6.0 Nov 26, 2024

#18 in Command line utilities

Download history 765/week @ 2024-10-30 669/week @ 2024-11-06 931/week @ 2024-11-13 716/week @ 2024-11-20 628/week @ 2024-11-27 887/week @ 2024-12-04 1373/week @ 2024-12-11 780/week @ 2024-12-18 471/week @ 2024-12-25 948/week @ 2025-01-01 1243/week @ 2025-01-08 1799/week @ 2025-01-15 1268/week @ 2025-01-22 1663/week @ 2025-01-29 1414/week @ 2025-02-05 1007/week @ 2025-02-12

5,671 downloads per month

MIT license

300KB
6.5K SLoC

🌈 zizmor

CI Crates.io Packaging status GitHub Sponsors

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

zizmor demo

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors 💖

zizmor's development is supported by these amazing sponsors!


Astral

Star History

Star History Chart

Dependencies

~43–59MB
~1M SLoC