-
-
Notifications
You must be signed in to change notification settings - Fork 91
Insights: zizmorcore/zizmor
Overview
Could not load contribution data
Please try again later
3 Releases published by 1 person
-
v1.10.0
published
Jun 26, 2025 -
v1.11.0
published
Jun 30, 2025 -
v1.11.1-rc1
published
Jul 2, 2025
56 Pull requests merged by 7 people
-
chore(docs): update sponsors
#1025 merged
Jul 14, 2025 -
chore(docs): fix an issue link
#1024 merged
Jul 14, 2025 -
Use older Ubuntu runners for Debian compatibility
#1018 merged
Jul 10, 2025 -
chore: bump yamlpatch, yamlpath crates
#1016 merged
Jul 9, 2025 -
chore(docs): bump trophies
#1015 merged
Jul 9, 2025 -
refactor: dedupe route/query types
#1014 merged
Jul 9, 2025 -
Add Fix for cache-poisoning audit rule
#923 merged
Jul 9, 2025 -
bugfix(cli): forbid some empty values for options
#1013 merged
Jul 7, 2025 -
chore(deps): bump the cargo group with 3 updates
#1012 merged
Jul 7, 2025 -
chore(docs): add yamlpatch to list of crates
#1009 merged
Jul 2, 2025 -
Extract yamlpatch into a support crate
#1001 merged
Jul 2, 2025 -
chore: prep for 1.11.1-rc1 release
#1008 merged
Jul 2, 2025 -
chore(ci): move zizmor crate publish to trusted publishing
#1007 merged
Jul 2, 2025 -
chore(ci): try using TP for support crates
#1006 merged
Jul 2, 2025 -
chore(ci): refactor package name handling for support crates
#1005 merged
Jul 2, 2025 -
chore(ci): add environments to crates.io workflows
#1004 merged
Jul 2, 2025 -
refactor: simplify MergeInto patch op
#999 merged
Jul 1, 2025 -
Fix autofix for template-injection
#995 merged
Jul 1, 2025 -
chore: release 1.11.0
#993 merged
Jun 30, 2025 -
feat: LSP skeleton code from #607
#984 merged
Jun 30, 2025 -
chore(deps): bump the github-actions group with 3 updates
#990 merged
Jun 30, 2025 -
chore(deps): bump the cargo group with 3 updates
#991 merged
Jun 30, 2025 -
bugfix: repro, #988
#989 merged
Jun 30, 2025 -
chore: remove descriptions from fixes
#985 merged
Jun 28, 2025 -
Add Fix for bot-conditions audit rule
#921 merged
Jun 28, 2025 -
refactor: move audit registration into AuditRegistry
#983 merged
Jun 27, 2025 -
chore(deps): bump http-cache-reqwest to 0.16.0
#982 merged
Jun 26, 2025 -
chore(deps): bump http-cache-reqwest to 0.15.2
#980 merged
Jun 26, 2025 -
chore(docs): remove demo file, link to zizmor.sh
#978 merged
Jun 26, 2025 -
chore: prep for release v1.10.0
#977 merged
Jun 26, 2025 -
chore(deps): bump yamlpath
#976 merged
Jun 26, 2025 -
refactor: prepare fix mode for a public experimental release
#975 merged
Jun 26, 2025 -
chore(docs): bump trophies
#974 merged
Jun 25, 2025 -
refactor: more fix API cleanup
#973 merged
Jun 25, 2025 -
chore(ci): fix test path, remove an action
#971 merged
Jun 25, 2025 -
chore(deps): bump all support crate versions
#970 merged
Jun 25, 2025 -
feat: detect computed indices as potential obfuscation
#969 merged
Jun 25, 2025 -
refactor: dedupe primary location handling
#968 merged
Jun 24, 2025 -
chore: refactor fix input key handling
#966 merged
Jun 24, 2025 -
chore(deps): bump tree-sitter-powershell from 0.25.2 to 0.25.6 in the cargo group
#965 merged
Jun 23, 2025 -
chore(deps): bump the github-actions group with 3 updates
#964 merged
Jun 23, 2025 -
template-injection: add subfeatures
#958 merged
Jun 23, 2025 -
chore(tests): update default branch for homebrew actions
#962 merged
Jun 22, 2025 -
chore(docs): add Trail of Bits as a sponsor
#961 merged
Jun 21, 2025 -
bugfix: eliminate a panic when auditing composite actions
#960 merged
Jun 21, 2025 -
feat: location subspans/subfeatures
#949 merged
Jun 19, 2025 -
feat: better error messages for invalid inputs
#956 merged
Jun 19, 2025 -
chore: add a debug message when registering inputs
#955 merged
Jun 19, 2025 -
chore(docs): add trophy for philips-software/amp-devcontainer
#953 merged
Jun 19, 2025 -
chore(cli): add --thanks
#951 merged
Jun 18, 2025 -
chore(docs): update sponsors
#950 merged
Jun 18, 2025 -
docs: Unfix accidentally-fixed pinning example
#948 merged
Jun 16, 2025 -
refactor: add spanning to expressions
#945 merged
Jun 16, 2025 -
chore(deps): bump the cargo group with 6 updates
#947 merged
Jun 16, 2025 -
chore(deps): bump the github-actions group with 3 updates
#946 merged
Jun 16, 2025
8 Pull requests opened by 6 people
-
feat: new audit: ref-version-mismatch
#972 opened
Jun 25, 2025 -
refactor: simplify and correct Remove op
#1000 opened
Jul 1, 2025 -
fix: treat empty config path as unset
#1010 opened
Jul 3, 2025 -
Add Fix for known-vulnerable-actions audit rule
#1019 opened
Jul 10, 2025 -
Fix Remove operation for flow mappings and sequences
#1020 opened
Jul 10, 2025 -
bugfix: sanitize gh_token & avoid panic
#1027 opened
Jul 14, 2025 -
chore(deps): bump the cargo group with 6 updates
#1028 opened
Jul 14, 2025 -
chore(deps): bump rust-lang/crates-io-auth-action from 1.0.0 to 1.0.1 in the github-actions group
#1029 opened
Jul 14, 2025
18 Issues closed by 3 people
-
[BUG]: Cargo install fails
#1026 closed
Jul 14, 2025 -
Feature: Require "permissions" properties at the workflow and job level
#1022 closed
Jul 13, 2025 -
[BUG]: not working on debian stable
#1017 closed
Jul 10, 2025 -
Audit idea: use of `github.ref` and `GITHUB_REF`
#939 closed
Jul 9, 2025 -
CI: Switch to Trusted Publishing on crates.io
#1003 closed
Jul 2, 2025 -
Support a fix mode?
#28 closed
Jul 2, 2025 -
[BOT] New Wolfi OS version for zizmor: 1.11.0
#998 closed
Jul 1, 2025 -
[BUG]: auto fix for `template-injection` removes comments from `env` block
#992 closed
Jul 1, 2025 -
LSP for IntelliJ/PHPStorm
#996 closed
Jul 1, 2025 -
Feature: IDE extensions
#516 closed
Jun 30, 2025 -
[BUG]: String slicing panic with multibyte characters in workflow files
#988 closed
Jun 30, 2025 -
Feature: Link to the audit rules doc from the errors
#987 closed
Jun 30, 2025 -
[BUG] False positive detection for artipacked when `persist-credentials: false` is properly set
#755 closed
Jun 27, 2025 -
[BOT] New Wolfi OS version for zizmor: 1.10.0
#981 closed
Jun 26, 2025 -
[BUG]: Rust newb can't install 1.10.0
#979 closed
Jun 26, 2025 -
Feature: `obfuscation` audit should check for computed indices
#762 closed
Jun 25, 2025 -
Figure out sub-field spanning
#240 closed
Jun 19, 2025 -
Unclear error message when a workflow fails to parse
#952 closed
Jun 19, 2025
8 Issues opened by 4 people
-
Feature: Require or recommend the `timeout-minutes` property for all jobs
#1023 opened
Jul 13, 2025 -
[BUG]: Panic if GH_TOKEN contains unexpected characters
#1021 opened
Jul 13, 2025 -
[BUG]: Inconsistencies between LSP mode and zizmor
#1002 opened
Jul 2, 2025 -
LSP mode: switch to tower-lsp-server
#994 opened
Jun 30, 2025 -
[META] LSP mode
#986 opened
Jun 28, 2025 -
Figure out a good way to test `--fix` in snapshots
#967 opened
Jun 24, 2025 -
[META] Adding subfeatures to audits
#963 opened
Jun 23, 2025 -
Feat: obfuscation should detect ineffective `if:` conditions
#954 opened
Jun 19, 2025
7 Unresolved conversations
Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.
-
feat: Audit secrets outside an environment
#637 commented on
Jul 2, 2025 • 1 new comment -
[BUG]: impostor-commit audit tries lookup on wrong github instance
#735 commented on
Jun 20, 2025 • 0 new comments -
[BUG]: credential persistence through GitHub Actions artifacts
#290 commented on
Jun 27, 2025 • 0 new comments -
Feature: `zizmor explain FOO` for showing audit documentation in the CLI
#125 commented on
Jun 30, 2025 • 0 new comments -
Switch back to OSV/ecosyste.ms for actions security advisories?
#380 commented on
Jun 30, 2025 • 0 new comments -
[META] Fix mode features
#876 commented on
Jul 10, 2025 • 0 new comments -
feat: use git database to fetch references and content instead of github api
#801 commented on
Jul 11, 2025 • 0 new comments