🌈 zizmor

zizmor is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups, including:

Template injection vulnerabilities, leading to attacker-controlled code execution
Accidental credential persistence and leakage
Excessive permission scopes and credential grants to runners
Impostor commits and confusable git references
...and much more!

See zizmor's documentation for installation steps, as well as a quickstart and detailed usage recipes.

License

zizmor is licensed under the MIT License.

Contributing

See our contributing guide!

The name?

Now you can have beautiful clean workflows!

Sponsors

zizmor's development is supported by these amazing sponsors!

Logo-level sponsors

Name-level sponsors

Want to see your name or logo above? Consider becoming a sponsor through one of the following:

Name		Name	Last commit message	Last commit date
Latest commit History 1,070 Commits
.cargo		.cargo
.github		.github
bench		bench
crates		crates
docs		docs
support		support
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
Dockerfile		Dockerfile
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
mise.toml		mise.toml
mkdocs.yml		mkdocs.yml
pyproject.toml		pyproject.toml
uv.lock		uv.lock

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

🌈 zizmor

License

Contributing

The name?

Sponsors

Star History

About

Uh oh!

Releases

Packages

Languages

License

DanilBox/zizmor

Folders and files

Latest commit

History

Repository files navigation

🌈 zizmor

License

Contributing

The name?

Sponsors

Star History

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages