zizmor
A static analysis tool for GitHub Actions that identifies common security issues in CI/CD setups.
| Category | DevSecOps & Pipeline Security |
|---|---|
| GitHub Stars | 1821 |
| Last Commit | 1 month ago |
| This page updated | a month ago |
| Pricing Details | Open Source under MIT License, free to use for personal and commercial purposes. |
| Target Audience | Developers and security professionals using GitHub Actions. |
zizmor is a static analysis tool specifically designed for GitHub Actions. It identifies common security issues in GitHub Actions CI/CD setups. Key features include security audits, configuration customization, and remote auditing capabilities. It integrates closely with GitHub Actions and can be run as part of a CI/CD pipeline to automate security audits. The tool is open-source and licensed under the MIT License, making it free to use for both personal and commercial purposes.