README: more details (#504)
woodruffw authored Jan 30, 2025
1 parent 4d65955 commit 1dd0e48
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions README.md
Expand Up @@ -5,8 +5,18 @@
[![Packaging status](https://repology.org/badge/tiny-repos/zizmor.svg)](https://repology.org/project/zizmor/versions)
[![GitHub Sponsors](https://img.shields.io/github/sponsors/woodruffw?style=flat&logo=githubsponsors&labelColor=white&color=white)](https://github.com/sponsors/woodruffw)

`zizmor` is a static analysis tool for GitHub Actions. It can find
many common security issues in typical GitHub Actions CI/CD setups.
`zizmor` is a static analysis tool for GitHub Actions.

It can find many common security issues in typical GitHub Actions CI/CD setups,
including:

* Template injection vulnerabilities, leading to attacker-controlled code execution
* Accidental credential persistence and leakage
* Excessive permission scopes and credential grants to runners
* Impostor commits and confusable `git` references
* ...[and much more]!

[and much more]: https://woodruffw.github.io/zizmor/audits/

![zizmor demo](https://raw.githubusercontent.com/woodruffw/zizmor/main/docs/assets/zizmor-demo.gif)
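
Review bot: In the new bullet list, only the final item (`* ...[and much more]!`) links to the audits page, so the four named categories give a reader no direct path to the audit that reports each of them. Consider making each bullet a reference-style link to its entry under https://woodruffw.github.io/zizmor/audits/, reusing the `[label]: url` form this hunk already introduces. As a smaller style point, the leading "..." plus trailing "!" in the last bullet reads oddly as a list item; a short closing sentence after the list would carry the link more cleanly.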
