[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5843":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":14,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":24,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},5843,"zizmor","zizmorcore\u002Fzizmor","zizmorcore","Static analysis for GitHub Actions","http:\u002F\u002Fdocs.zizmor.sh\u002F",null,"Rust",5615,216,15,114,0,130,1094,100,113.01,"MIT License",false,"main",true,[26,27,28,29],"github-actions","security","security-tools","static-analysis","2026-06-12 04:00:27","# 🌈 zizmor\n\n[![zizmor](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002F%F0%9F%8C%88-zizmor-white?labelColor=white)](https:\u002F\u002Fzizmor.sh\u002F)\n[![CI](https:\u002F\u002Fgithub.com\u002Fzizmorcore\u002Fzizmor\u002Factions\u002Fworkflows\u002Fci.yml\u002Fbadge.svg)](https:\u002F\u002Fgithub.com\u002Fzizmorcore\u002Fzizmor\u002Factions\u002Fworkflows\u002Fci.yml)\n[![Crates.io](https:\u002F\u002Fimg.shields.io\u002Fcrates\u002Fv\u002Fzizmor)](https:\u002F\u002Fcrates.io\u002Fcrates\u002Fzizmor)\n[![Packaging status](https:\u002F\u002Fimg.shields.io\u002Frepology\u002Frepositories\u002Fzizmor)](https:\u002F\u002Frepology.org\u002Fproject\u002Fzizmor\u002Fversions)\n[![GitHub 
Sponsors](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fsponsors\u002Fwoodruffw?style=flat&logo=githubsponsors&labelColor=white&color=white)](https:\u002F\u002Fgithub.com\u002Fsponsors\u002Fwoodruffw)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-%235865F2.svg?logo=discord&logoColor=white)](https:\u002F\u002Fdiscord.com\u002Finvite\u002FPGU3zGZuGG)\n\n`zizmor` is a static analysis tool for GitHub Actions.\n\nIt can find many common security issues in typical GitHub Actions CI\u002FCD setups,\nincluding:\n\n* Template injection vulnerabilities, leading to attacker-controlled code execution\n* Accidental credential persistence and leakage\n* Excessive permission scopes and credential grants to runners\n* Impostor commits and confusable `git` references\n* ...[and much more]!\n\n[and much more]: https:\u002F\u002Fdocs.zizmor.sh\u002Faudits\u002F\n\n![zizmor demo](https:\u002F\u002Fzizmor.sh\u002Fassets\u002Fzizmor-demo.gif)\n\nSee [`zizmor`'s documentation](https:\u002F\u002Fdocs.zizmor.sh\u002F)\nfor [installation steps], as well as a [quickstart] and\n[detailed usage recipes].\n\n[please file them]: https:\u002F\u002Fgithub.com\u002Fzizmorcore\u002Fzizmor\u002Fissues\u002Fnew?assignees=&labels=bug%2Ctriage&projects=&template=bug-report.yml&title=%5BBUG%5D%3A+\n\n[installation steps]: https:\u002F\u002Fdocs.zizmor.sh\u002Finstallation\u002F\n\n[quickstart]: https:\u002F\u002Fdocs.zizmor.sh\u002Fquickstart\u002F\n\n[detailed usage recipes]: https:\u002F\u002Fdocs.zizmor.sh\u002Fusage\u002F\n\n## License\n\n`zizmor` is licensed under the [MIT License](.\u002FLICENSE).\n\n## Contributing\n\nSee [our contributing guide!](.\u002FCONTRIBUTING.md)\n\n## The name?\n\n*[Now you can have beautiful clean workflows!]*\n\n[Now you can have beautiful clean workflows!]: https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=ol7rxFCvpy8\n\n## Sponsors\n\n`zizmor`'s development is supported by these amazing sponsors!\n\n\u003C!-- @@begin-sponsors@@ 
-->\n\u003Ctable width=\"100%\">\n\u003Ccaption>Logo-level sponsors\u003C\u002Fcaption>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd align=\"center\" valign=\"top\" width=\"15%\">\n\u003Ca href=\"https:\u002F\u002Fgrafana.com\u002F\">\n\u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F7195757?s=100&v=4\" width=\"100px\">\n\u003Cbr>\nGrafana Labs\n\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd align=\"center\" valign=\"top\" width=\"15%\">\n\u003Ca href=\"https:\u002F\u002Ftrailofbits.com\u002F\">\n\u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F2314423?s=100&v=4\" width=\"100px\">\n\u003Cbr>\nTrail of Bits\n\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd align=\"center\" valign=\"top\" width=\"15%\">\n\u003Ca href=\"https:\u002F\u002Fwww.shipfox.io\">\n\u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F163036520?s=100&v=4\" width=\"100px\">\n\u003Cbr>\nShipfox\n\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd align=\"center\" valign=\"top\" width=\"15%\">\n\u003Ca href=\"https:\u002F\u002Fkusari.dev\">\n\u003Cimg src=\"https:\u002F\u002Favatars.githubusercontent.com\u002Fu\u002F105390000?s=100&v=4\" width=\"100px\">\n\u003Cbr>\nKusari\n\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\u003Chr align=\"center\">\n\u003Ctable width=\"100%\">\n\u003Ccaption>Name-level sponsors\u003C\u002Fcaption>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd align=\"center\" valign=\"top\">\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fariccio\">\nAlexander Riccio\n\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\u003C!-- @@end-sponsors@@ -->\n\nWant to see your name or logo above? 
Consider becoming a sponsor\nthrough one of the following:\n\n- [GitHub Sponsors](https:\u002F\u002Fgithub.com\u002Fsponsors\u002Fwoodruffw) (preferred)\n- [thanks.dev](https:\u002F\u002Fthanks.dev\u002Fu\u002Fgh\u002Fwoodruffw)\n- [ko-fi](https:\u002F\u002Fko-fi.com\u002Fwoodruffw)\n\n## Star History\n\n\u003Ca href=\"https:\u002F\u002Fstar-history.com\u002F#zizmorcore\u002Fzizmor&Date\">\n \u003Cpicture>\n   \u003Csource media=\"(prefers-color-scheme: dark)\" srcset=\"https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=zizmorcore\u002Fzizmor&type=Date&theme=dark\" \u002F>\n   \u003Csource media=\"(prefers-color-scheme: light)\" srcset=\"https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=zizmorcore\u002Fzizmor&type=Date\" \u002F>\n   \u003Cimg alt=\"Star History Chart\" src=\"https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=zizmorcore\u002Fzizmor&type=Date\" \u002F>\n \u003C\u002Fpicture>\n\u003C\u002Fa>\n","zizmor is a static analysis tool for GitHub Actions. It can detect many common security issues in CI\u002FCD setups, including template injection vulnerabilities, accidental credential persistence and leakage, excessive permission scopes, and impostor commits. The tool is written in Rust and offers efficient, precise analysis. It suits a range of scenarios that call for stronger security checks on GitHub Actions, such as enterprise application development and open-source project maintenance. With zizmor, developers can effectively improve the security and compliance of their workflows.",2,"2026-06-11 03:05:09","top_language"]