[工具详情]
zizmor
Static security analyzer for GitHub Actions workflows.
cisecurity 语言: yaml 平台: local
[适用场景]推荐
- ✓ Scan GitHub Actions workflows for security risks and hardening opportunities
- ✓ Review CI changes that affect tokens, permissions, or third-party actions
[不适用场景]避免
- ✕ The repository does not use GitHub Actions
- ✕ Findings would expose sensitive workflow details in shared logs
[安全约束]必须遵守
- ⚠ Redact repository-specific secrets and internal URLs from shared findings.
- ⚠ Review workflow permissions and third-party actions before applying suggested fixes.
[详细信息]原始元数据
- 命令
- zizmor
- 影响
- read_files, secret_exposure
[类似工具]03