zizmor.zizmor
zizmor
Static analysis for GitHub Actions.
v1.24.1
MIT
x64
zip
// install via winget
winget install zizmor.zizmor
// description
zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups, including:
- Template injection vulnerabilities, leading to attacker-controlled code execution
- Accidental credential persistence and leakage
- Excessive permission scopes and credential grants to runners
- Impostor commits and confusable git references
- ...and much more!
Publisher
William Woodruff
Version
1.24.1
License
MIT
Architecture
x64
Installer Type
zip
Package ID
zizmor.zizmor
// frequently asked questions
Open PowerShell or Command Prompt and run: winget install zizmor.zizmor. Winget is built into Windows 10 (1809+) and Windows 11.
Static analysis for GitHub Actions.
zizmor is available under the MIT license. Use winget or the direct download link on this page.
Run winget upgrade zizmor.zizmor in PowerShell or Windows Terminal to update zizmor to the latest version.
Run winget uninstall zizmor.zizmor in an elevated PowerShell window, or go to Settings > Apps > Installed Apps.