| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: zizmor | Distribution: openSUSE Tumbleweed |
| Version: 1.4.1 | Vendor: openSUSE |
| Release: 1.1 | Build date: Tue Feb 25 19:37:57 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 10696623 | Source RPM: zizmor-1.4.1-1.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://github.com/woodruffw/zizmor | |
| Summary: A static analysis tool for GitHub Actions | |
zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups.
MIT
* Tue Feb 25 2025 [email protected]
- Update to version 1.4.1:
* Bug Fixes
- Findings produced by (unredacted-secrets) now use the correct
ID and link to the correct URL in the audit documentation
(#566)
* Tue Feb 25 2025 [email protected]
- Update to version 1.4.0:
* New Features
- zizmor now has official Docker images! You can find them on
the GitHub Container Registry under ghcr.io/woodruffw/zizmor
(#532)
- New audit: unredacted-secrets detects secret accesses that
are not redacted in logs (#549)
* Improvements
- SARIF outputs are now slightly more aligned with GitHub Code
Scanning expectations (#528)
- # zizmor: ignore[rule] comments can now have trailing
explanations, e.g. # zizmor: ignore[rule] because reasons
(#531)
- The bot-conditions audit now detects github.triggering_actor
as another spoofable actor check (#559)
* Bug Fixes
- Fixed a bug where zizmor would fail to parse workflows with
workflow_dispatch triggers that contained non-string inputs
(#563)
* Upcoming Changes
- The next minor release of zizmor will be built with Rust
2024. This should have no effect on most users, but may
require users who build zizmor from source to update their
Rust toolchain.
* Mon Feb 10 2025 [email protected]
- Update to version 1.3.1:
* chore: prep for 1.3.1 release (#523)
* bugfix: bump github-actions-models to 0.25.0 (#522)
* docs: bump trophies (#521)
* docs: bump trophies (#520)
* bugfix: fix has_tag lookup (#519)
* docs: bump trophies (#515)
* docs: bump trophies (#512)
* bugfix: expr: make index rule non-atomic (#511)
* chore(deps): bump the github-actions group with 2 updates
(#509)
* chore(deps): bump the cargo group with 2 updates (#508)
* docs: bump trophies (#507)
* docs: update dev-docs (#505)
* README: more details (#504)
* docs: bump trophies (#503)
* bugfix: bump github-actions-models to 0.24.0 (#502)
* Wed Jan 29 2025 [email protected]
- Update to version 1.3.0:
* chore: prep for 1.3.0 release (#500)
* docs: bump trophies (#499)
* deps: bump indicatif from 0.17.9 to 0.17.11 (#498)
* Downgrade tracing-indicatif (#496)
* docs: bump trophies (#495)
* ci: attempt to fix arm build (#494)
* chore(deps): bump the github-actions group with 3 updates
(#493)
* chore(deps): bump the cargo group with 2 updates (#492)
* refactor: improve context handling (#491)
* feat(cli): add naches mode (#490)
* release-notes: record #485 (#489)
* feat: "raw" audit support + `overprovisioned-secrets` (#485)
* cli: reduce warning to info when skipping audits (#488)
* deps: bump github-actions-models (#487)
* docs: bump trophies (#486)
* docs: bump trophies (#484)
* Fix syntax in docs for bot-condition (#483)
* feat: improve parse error slightly (#482)
* docs: bump trophies (#481)
* chore(deps): bump the cargo group with 3 updates (#480)
* Add slash to avoid redirect (#478)
* bugfix: collect actions from subdirectories of
.github/workflows (#477)
* Mon Jan 20 2025 [email protected]
- Update to version 1.2.2:
* chore: prep for 1.2.2 release (#476)
* feat: improve error message when repo fetch fails (#475)
* bugfix: special-case workflow_call in excessive-permissions
(#473)
* Mon Jan 20 2025 [email protected]
- Update to version 1.2.1:
* chore: prep 1.2.1 (#470)
* bugfix: generalize path prefix handling (#469)
* chore(deps): bump astral-sh/setup-uv from 5.1.0 to 5.2.1 in the
github-actions group (#467)
* docs: try to fix the site (#466)
* chore: remove site-requirements.txt (#465)
* Mon Jan 20 2025 [email protected]
- Update to version 1.2.0:
* chore: prep 1.2.0 (#464)
* bugfix: bump github-actions-models (#463)
* bugfix: parse multi-line expressions correctly (#461)
* feat: bot-conditions (#460)
* ci: pypi: try enabling aarch64 on an ARM runner (#457)
* docs: typo (#456)
* docs: add sponsors to README and site (#454)
* bugfix: sarif: use absolute physical locations only (#453)
* chore(docs): bump trophies (#451)
* chore(docs): bump trophies (#450)
* refactor: reduce invalid states in job APIs (#449)
* fix: artipacked: check for stringy bools (#448)
* docs: bump trophies (#446)
* bugfix: mark another context as safe during injections (#445)
* docs: bump trophies (#444)
* docs: bump trophies (#443)
* docs: bump trophies (#442)
* refactor: make excessive-permissions more correct (#441)
* docs: bump trophies (#440)
* fix: don't flag local workflows in unpinned-uses (#439)
* Tue Jan 14 2025 [email protected]
- Update to version 1.1.1:
* chore: prep 1.1.1 (#438)
* chore(deps): bump the cargo group with 4 updates (#434)
* chore(deps): bump the github-actions group with 2 updates
(#436)
* fix: bump github-actions-models (#437)
* docs: bump trophies (#430)
* Mon Jan 13 2025 [email protected]
- Update to version 1.1.0:
This release comes with one new audit (secrets-inherit), plus a
slew of bugfixes and internal refactors that unblock future
improvements!
* Added
- New audit: secrets-inherit detects use of secrets: inherit
with reusable workflow calls (#408)
* Improved
- The template-injection audit now detects injections in calls
to azure/cli and azure/powershell (#421)
* Fixed
- The template-injection audit no longer consider
github.server_url dangerous (#412)
- The template-injection audit no longer crashes when
evaluating the static-ness of an environment for a uses: step
(#420)
* Wed Jan 08 2025 [email protected]
- Update to version 1.0.1:
This is a small quality and bugfix release. Thank you to
everybody who helped by reporting and shaking out bugs from our
first stable release!
* Improved
- The github-env audit now detects dangerous writes to
GITHUB_PATH, is more precise, and can produce multiple
findings per run block (#391)
* Fixed
- workflow_call.secrets keys with missing values are now parsed
correctly (#388)
- The cache-poisoning audit no longer incorrectly treats
docker/build-push-action as a publishing workflow is push:
false is explicitly set (#389)
- The template-injection audit no longer considers
github.action_path to be a potentially dangerous expansion
(#402)
- The github-env audit no longer skips run: steps with
non-trivial shell: stanzas (#403)
* Fri Jan 03 2025 Johannes Kastl <[email protected]>
- new package zizmore: a static analysis tool for GitHub Actions
/usr/bin/zizmor /usr/share/doc/packages/zizmor /usr/share/doc/packages/zizmor/README.md /usr/share/licenses/zizmor /usr/share/licenses/zizmor/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Mar 9 00:20:47 2025