static analysis tool for GitHub Actions
zizmor is a static analysis tool for GitHub Actions. It can find many common issues in typical GitHub Actions CI/CD setups, including:

* Template injection vulnerabilities, leading to attacker-controlled code execution
* Accidental credential persistence and leakage
* Excessive permission scopes and credential grants to runners
* Impostor commits and confusable git references
Homepage: https://docs.zizmor.sh/
Maintainer: Theo Buehler <tb@openbsd.org>