zizmor

by William Woodruff

Static analysis for GitHub Actions.

Version
1.24.1
License
MIT
Installer
zip
Arch
x64
Package ID
zizmor.zizmor
github-actionssecuritysecurity-toolsstatic-analysis

// install via winget

Command Prompt & PowerShell click to copy 
winget install zizmor.zizmor

// direct download

Download Installer

// about zizmor

zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups, including: - Template injection vulnerabilities, leading to attacker-controlled code execution - Accidental credential persistence and leakage - Excessive permission scopes and credential grants to runners - Impostor commits and confusable git references - ...and much more!

// frequently asked questions

How do I install zizmor using winget?
Open PowerShell or Windows Terminal and run: winget install zizmor.zizmor. Winget ships with Windows 10 (1809+) and Windows 11 — no additional install needed.
What is zizmor?
Static analysis for GitHub Actions.
Is zizmor free to download?
zizmor is distributed under the MIT license. Use the winget command above or click the download button to get the installer directly from the publisher.
How do I update zizmor with winget?
Run winget upgrade zizmor.zizmor in PowerShell or Windows Terminal to update zizmor to the latest available version.
What architecture does zizmor support?
The listed installer targets the x64 architecture. See the publisher’s documentation for full compatibility details.