for project: aegis-api · https://github.com/zizmorcore/zizmor

# zizmorcore/zizmor

**URL:** https://github.com/zizmorcore/zizmor
**One-liner:** Static analysis tool for GitHub Actions workflows to detect security issues.
**Relevance to aegis-api:** high (90/100)
**Integration:** depend-on-it

## Summary
Static analysis for GitHub Actions workflows.

## Why it's useful here
Aegis API uses GitHub Actions for CI/CD; zizmor can scan its workflow files for template injection, credential leaks, and permission issues.

## Suggested use
Run `zizmor` as a CI step (`cargo install zizmor && zizmor .github/workflows/`) to audit workflows before each deploy.

## Novelty / why now
Specialized tool focusing on CI/CD security for GitHub Actions, covering template injection, credential leakage, excessive permissions, and more.

## Risks
Low risk. Active development, MIT license, good community. No known issues.

## Safety scan
- Risk level: **low**
- Stars: 4758 (age 631d, 7.54 stars/day)
- Last push: 0 days ago
- Contributors: 92
- License: MIT
- Postinstall hooks: none
- Suspicious patterns: none
- Notes: (none)

### Reviewer safety notes
No safety concerns. MIT licensed, active with 92 contributors, 4.7k stars, last push 0 days ago.