woodruffw/zizmor
A tool for finding security issues in GitHub Actions setups.
https://crates.io/crates/zizmor
MIT License
60 stars, 2 forks
issues
SARIF files are missing detailed finding information
#66
fcasal
opened
3 hours ago
0
fix: bump github-action-models
#65
woodruffw
closed
3 hours ago
0
Error parsing github actions workflow
#64
mcpherrinm
closed
3 hours ago
4
Output: evaluate `codespan` as an alternative to `annotate-snippets`
#63
woodruffw
opened
6 hours ago
0
template-injection: `github.ref_name` is always bad
#62
woodruffw
opened
6 hours ago
0
Fix typo: security -> securely
#61
hugovk
closed
7 hours ago
0
Add option to only show findings at given level
#60
hugovk
opened
8 hours ago
0
direct use of branches
#59
hellodword
opened
12 hours ago
3
gha-hazmat is private
#58
hellodword
closed
7 hours ago
2
GHA security report cannot show preview
#57
colindean
opened
18 hours ago
2
Are environment variables from previous steps insecure?
#56
nedbat
closed
20 hours ago
4
Testing: add known-output tests
#55
woodruffw
opened
1 day ago
0
Can github.sha expand into attacker-controllable code?
#54
nedbat
closed
1 day ago
2
Warn if the workflow itself is invalid
#53
woodruffw
opened
1 day ago
0
Caching: persist between runs
#52
woodruffw
opened
1 day ago
0
Complains incorrectly about persist-credentials
#51
nedbat
closed
1 day ago
4
Support remote auditing?
#50
woodruffw
opened
1 day ago
2
feat: Step::location_with_name
#49
woodruffw
closed
1 day ago
0
Docs: make a website?
#48
woodruffw
opened
4 days ago
0
Docs: add requirements to each audit's docs
#47
woodruffw
opened
4 days ago
0
Docs: document adding or modifying an audit
#46
woodruffw
opened
4 days ago
0
docs: begin adding per-audit docs
#45
woodruffw
closed
4 days ago
0
fix: clear progress bar once complete
#44
miketheman
closed
1 week ago
0
When running explicitly in offline mode, don't emit warnings for offline audits
#43
miketheman
opened
1 week ago
1
chore: set minimum working rust version
#42
miketheman
closed
1 week ago
0
begin work on an expression parser
#41
woodruffw
closed
4 days ago
0
Track progress with `tracing` + `tracing_indicatif`
#40
woodruffw
opened
1 week ago
0
Pervasive metrics
#39
woodruffw
opened
2 weeks ago
1
Pervasive caching
#38
woodruffw
closed
1 week ago
0
Known vulnerabilities
#37
woodruffw
closed
2 weeks ago
1
Known insecure/exploitable actions
#36
woodruffw
closed
2 weeks ago
1
template_injection: handle actions/github-script
#35
woodruffw
closed
2 weeks ago
0
Add self-hosted runner audit
#34
woodruffw
closed
2 weeks ago
0
pull_request_target -> dangerous_triggers
#33
woodruffw
closed
1 month ago
0
initial progress bar
#32
woodruffw
closed
1 month ago
0
Progress bars/reporting
#31
woodruffw
closed
1 month ago
0
begin prepping README
#30
woodruffw
closed
1 month ago
0
Output formats: progressive enhancement with GitHub Actions?
#29
woodruffw
opened
1 month ago
0
Support a fix mode?
#28
woodruffw
opened
1 month ago
1
render: skeleton for findings summary
#27
woodruffw
closed
1 month ago
0
Extract expressions with a small parser
#26
woodruffw
closed
1 month ago
0
Fix expression extraction
#25
woodruffw
closed
1 month ago
0
begin fixing template_injection on static matrices
#24
woodruffw
closed
1 month ago
0
Include a summary code of the number of each type of warning/error/whatever at the end of terminal output
#23
alex
closed
1 month ago
1
Template injection: don't flag on `matrix` expansions when the matrix is statically defined
#22
woodruffw
opened
1 month ago
3
refactor symbolic locations
#21
woodruffw
closed
1 month ago
0
Refactor location concretization
#20
woodruffw
closed
1 month ago
0
Plain output: render confidence
#19
woodruffw
opened
1 month ago
0
TTY rendering
#18
woodruffw
closed
1 month ago
0
`WorkflowLocation` should know its full location
#17
woodruffw
closed
1 month ago
1