zizmor

William Woodruff · zizmor.zizmor

Static analysis for GitHub Actions.

zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups, including:

  • Template injection vulnerabilities, leading to attacker-controlled code execution
  • Accidental credential persistence and leakage
  • Excessive permission scopes and credential grants to runners
  • Impostor commits and confusable git references
  • ...and much more!

winget install --id zizmor.zizmor --exact --source winget

Latest 1.23.1

Release Notes

Bug Fixes 🐛

  • Fixed a bug where zizmor would error if given both a GH_TOKEN and a GITHUB_TOKEN (or ZIZMOR_GITHUB_TOKEN) via the environment (#1724)

Installer type: zip

Architecture Scope Download SHA256
x64 — Download 33C2293FF02834720DD7CD8B47348AAFB2E95A19BDC993C0ECACA9C804ADE92A

Details

Homepage
https://zizmor.sh/
License
MIT
Publisher
William Woodruff
Support
https://github.com/zizmorcore/zizmor/issues
Copyright
Copyright (c) 2024 William Woodruff <william @ yossarian.net>

Tags

github-actions, security, security-tools, static-analysis

Older versions (5)

Version Architecture Scope Download SHA256
1.23.0 x64 — Download 7707DE90A63A516B653A632D7348B1E089BF7F2C5DAF90CC45CBC4661EB324A0
1.22.0 x64 — Download 354AD2461D69D255FC7BFB8B359D4486440DF9AE15AF1EFB8F497B9F56F87E74
1.21.0 x64 — Download 978CFAB35E719D91B88966F0964D3A5E86E37EE3AA67EF7C3ED8E29B11886499
1.20.0 x64 — Download 01C11F0E0668AE1A46C015BED9F0EC589440606DA928078F6BCA87354C9FDE2F
1.19.0 x64 — Download D3C1A4A88953349A05F4B1CB5106537C26E23ED416CE3B56E1D0FDEDC75B9AAD