Description:
Find security issues in GitHub Actions setups
|
|
Type: Formula
|
Latest Version: 1.18.0@0
|
Tracked Since: Dec 18, 2025
|
|
Links:
Homepage |
formulae.brew.sh
|
|
Category: Security
|
|
Tags:
security
devops
ci-cd
github-actions
static-analysis
|
|
Install:
brew install zizmor
|
About:
zizmor is a static analysis tool designed to identify security vulnerabilities in GitHub Actions workflows. It scans YAML configuration files to detect common misconfigurations and anti-patterns, such as untrusted code execution and secret exfiltration. The tool helps developers secure their CI/CD pipelines by providing actionable insights before vulnerabilities can be exploited.
|
Key Features:
- Static analysis of GitHub Actions YAML workflows
- Detects common security anti-patterns and misconfigurations
- Provides actionable remediation guidance
- Fast, command-line interface for easy integration
|
Use Cases:
- Auditing existing GitHub Actions workflows for security flaws
- Integrating into CI/CD pipelines for automated security checks
- Educating developers on secure GitHub Actions practices
|
Alternatives:
-
actionlint
– actionlint focuses on syntax and general best practices, while zizmor is specialized for security vulnerabilities.
-
Semgrep
– Semgrep is a general-purpose static analysis tool that can be configured to scan workflows, whereas zizmor is purpose-built for GitHub Actions security.
|
| Detected |
Version |
Rev |
Change |
Commit |
| Dec 18, 2025 11:20pm |
1.18.0 |
0 |
VERSION_BUMP |
7c92acac |
| Oct 29, 2025 2:59am |
|
0 |
VERSION_BUMP |
7439a23c |
| Oct 14, 2025 5:32pm |
|
0 |
VERSION_BUMP |
07a258fe |
| Oct 14, 2025 7:14am |
|
0 |
VERSION_BUMP |
1cc45db0 |
| Oct 14, 2025 12:02am |
|
0 |
VERSION_BUMP |
77d8fdce |
| Sep 26, 2025 8:22pm |
|
0 |
VERSION_BUMP |
f4d49063 |
| Sep 13, 2025 3:36am |
|
0 |
VERSION_BUMP |
1ac34620 |
| Jan 13, 2025 5:17pm |
|
0 |
VERSION_BUMP |
d9ba3482 |
| Jan 7, 2025 8:25pm |
|
0 |
VERSION_BUMP |
bd5b8d50 |
| Dec 15, 2024 5:11pm |
|
0 |
VERSION_BUMP |
fbde0fbc |
| Dec 12, 2024 8:25pm |
|
0 |
VERSION_BUMP |
c914e8c1 |
| Dec 6, 2024 11:11pm |
|
0 |
VERSION_BUMP |
505a424d |
| Dec 3, 2024 11:26pm |
|
0 |
VERSION_BUMP |
a823b2e9 |
| Nov 26, 2024 5:26pm |
|
0 |
VERSION_BUMP |
5ffca08a |
| Nov 16, 2024 2:28am |
|
0 |
VERSION_BUMP |
f04c532c |
| Nov 16, 2024 1:33am |
|
0 |
VERSION_BUMP |
673ac96d |
| Nov 14, 2024 4:34am |
|
0 |
VERSION_BUMP |
e4276027 |
| Nov 14, 2024 4:16am |
|
0 |
VERSION_BUMP |
fc75b5fe |
| Nov 10, 2024 2:32pm |
|
0 |
VERSION_BUMP |
66ba5e34 |
| Nov 3, 2024 4:26pm |
|
0 |
VERSION_BUMP |
558c8017 |
| Nov 3, 2024 4:00pm |
|
0 |
VERSION_BUMP |
35e736d6 |
| Oct 31, 2024 7:52pm |
|
0 |
VERSION_BUMP |
b81b6aa6 |
| Oct 31, 2024 4:00pm |
|
0 |
VERSION_BUMP |
09251c5f |
| Oct 29, 2024 8:41pm |
|
0 |
VERSION_BUMP |
27a4f6f6 |
| Oct 29, 2024 5:14pm |
|
0 |
VERSION_BUMP |
72c85268 |
|