← [返回工具库]
[工具详情]

zizmor

中 风险

Static security analyzer for GitHub Actions workflows.

cisecurity 语言: yaml 平台: local
[适用场景]推荐
  • Scan GitHub Actions workflows for security risks and hardening opportunities
  • Review CI changes that affect tokens, permissions, or third-party actions
[不适用场景]避免
  • The repository does not use GitHub Actions
  • Findings would expose sensitive workflow details in shared logs
[安全约束]必须遵守
[详细信息]原始元数据
命令
zizmor
影响
read_files, secret_exposure
[类似工具]03