zizmor
zizmor.zizmor
// WINGET INSTALL
> winget install zizmor.zizmor
About
zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups, including:
- Template injection vulnerabilities, leading to attacker-controlled code execution
- Accidental credential persistence and leakage
- Excessive permission scopes and credential grants to runners
- Impostor commits and confusable git references
- ...and much more!
Frequently Asked Questions
Open PowerShell or Command Prompt and run: winget install zizmor.zizmor. Winget is built into Windows 10 (1809+) and Windows 11.
Static analysis for GitHub Actions.
zizmor is available under the MIT license. Use winget or the direct download link on this page.
Run winget upgrade zizmor.zizmor in PowerShell or Windows Terminal to update zizmor to the latest available version.
Run winget uninstall zizmor.zizmor in an elevated PowerShell window, or go to Settings > Apps > Installed Apps and find zizmor.