The devel/zizmor port
zizmor-1.24.1 – static analysis tool for GitHub Actions
Description
zizmor is a static analysis tool for GitHub Actions.
It can find many common issues in typical GitHub Actions CI/CD setups,
including:
* Template injection vulnerabilities, leading to attacker-controlled
code execution
* Accidental credential persistence and leakage
* Excessive permission scopes and credential grants to runners
* Impostor commits and confusable git references
WWW: https://docs.zizmor.sh/
- Categories:
-
devel
lang/rust
Library dependencies
Build dependencies
Run dependencies