Add zizmor static analysis tool #1821

Open
musaabhasan wants to merge 1 commit into analysis-tools-dev:master from musaabhasan:security/add-zizmor-static-analysis
@musaabhasan

Summary

  • add zizmor to the static analysis tool catalog
  • classify it under CI, security, and YAML workflow analysis

Rationale

zizmor is a maintained open-source scanner for GitHub Actions workflow security. It helps identify risky CI/CD patterns such as excessive token permissions, template injection exposure, credential persistence, and unsafe workflow references.

Validation

  • added a single tool entry under data/tools/
  • followed the repository's contribution format
  • local render was not run because Rust/Cargo is not installed in this workstation environment