FACT SHEET · MANJARO

zizmor

A static analysis tool for GitHub Actions

  • security-tool
  • COMMAND-LINE
  • Launchable
  • Runs in terminal
official+codex · reviewed · May 29, 2026 · description in en

Description

Analyzes GitHub Actions workflows for risky patterns and security problems before they reach CI. It helps maintainers find issues such as unsafe permissions, untrusted inputs, and workflow designs that could expose secrets.

Static analysis is guidance, not a complete security review. Confirm findings in context and combine the tool with dependency review, branch protection, and least-privilege CI settings.

How to run

zizmor

Commands: zizmor

Permissions

Permissions not analysed for this source yet.