Static analysis for GitHub Actions
Project Links
Meta
Author: William Woodruff <william@yossarian.net>
Requires Python: >=3.10
Classifiers
๐ zizmor
zizmor is a static analysis tool for GitHub Actions.
It can find many common security issues in typical GitHub Actions CI/CD setups, including:
- Template injection vulnerabilities, leading to attacker-controlled code execution
- Accidental credential persistence and leakage
- Excessive permission scopes and credential grants to runners
- Impostor commits and confusable
gitreferences - ...and much more!
See zizmor's documentation
for installation steps, as well as a quickstart and
detailed usage recipes.
License
zizmor is licensed under the MIT License.
Contributing
The name?
Now you can have beautiful clean workflows!
Sponsors
zizmor's development is supported by these amazing sponsors!
Grafana Labs |
Trail of Bits |
Shipfox |
Kusari |
| Alexander Riccio |
Want to see your name or logo above? Consider becoming a sponsor through one of the following:
- GitHub Sponsors (preferred)
- thanks.dev
- ko-fi
Star History
1.23.1
Mar 08, 2026
1.23.0
Mar 08, 2026
1.23.0rc7
Mar 08, 2026
1.23.0rc6
Mar 08, 2026
1.23.0rc5
Feb 25, 2026
1.23.0rc1
Feb 23, 2026
1.22.0
Jan 17, 2026
1.21.0
Jan 16, 2026
1.20.0
Jan 06, 2026
1.19.0
Dec 18, 2025
1.18.0
Nov 29, 2025
1.18.0rc3
Nov 29, 2025
1.18.0rc2
Nov 29, 2025
1.17.0
Nov 25, 2025
1.16.3
Nov 05, 2025
1.16.2
Nov 02, 2025
1.16.1
Oct 29, 2025
1.16.0
Oct 24, 2025
1.15.2
Oct 14, 2025
1.15.1
Oct 14, 2025
1.15.0
Oct 13, 2025
1.14.2
Sep 29, 2025
1.14.1
Sep 26, 2025
1.14.0
Sep 26, 2025
1.13.0
Sep 12, 2025
1.12.1
Aug 15, 2025
1.12.0
Aug 13, 2025
1.11.1rc1
Jul 02, 2025
1.11.0
Jun 30, 2025
1.10.0
Jun 26, 2025
1.9.0
May 30, 2025
1.8.0
May 20, 2025
1.8.0rc2
May 20, 2025
1.8.0rc1
May 20, 2025
1.7.0
May 09, 2025
1.6.0
Apr 20, 2025
1.5.2
Mar 23, 2025
1.5.1
Mar 12, 2025
1.5.0
Mar 11, 2025
1.4.1
Feb 25, 2025
1.4.0
Feb 25, 2025
1.3.1
Feb 09, 2025
1.3.0
Jan 29, 2025
1.2.2
Jan 19, 2025
1.2.1
Jan 18, 2025
1.2.0
Jan 18, 2025
1.1.1
Jan 13, 2025
1.1.0
Jan 13, 2025
1.0.1
Jan 07, 2025
1.0.0
Jan 02, 2025
0.10.0
Dec 19, 2024
0.9.2
Dec 15, 2024
0.9.1
Dec 12, 2024
0.9.0
Dec 12, 2024
0.8.0
Dec 06, 2024
Wheel compatibility matrix
Files in release
zizmor-1.23.1-py3-none-macosx_10_12_x86_64.whl (8.7MiB)
zizmor-1.23.1-py3-none-macosx_11_0_arm64.whl (8.3MiB)
zizmor-1.23.1-py3-none-manylinux_2_24_aarch64.whl (8.4MiB)
zizmor-1.23.1-py3-none-manylinux_2_28_armv7l.whl (8.0MiB)
zizmor-1.23.1-py3-none-manylinux_2_28_x86_64.whl (8.8MiB)
zizmor-1.23.1-py3-none-musllinux_1_2_aarch64.whl (8.4MiB)
zizmor-1.23.1-py3-none-musllinux_1_2_armv7l.whl (7.9MiB)
zizmor-1.23.1-py3-none-musllinux_1_2_x86_64.whl (8.9MiB)
zizmor-1.23.1-py3-none-win32.whl (7.1MiB)
zizmor-1.23.1-py3-none-win_amd64.whl (8.1MiB)
zizmor-1.23.1.tar.gz (453.1KiB)
No dependencies