zizmor.zizmor 1.23.0

Static analysis for GitHub Actions.

zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups, including: - Template injection vulnerabilities, leading to attacker-controlled code execution - Accidental credential persistence and leakage - Excessive permission scopes and credential grants to runners - Impostor commits and confusable git references - ...and much more!