Detects references to commits that appear to belong to a main repository but actually exist only in forks.
Distinct from Commit Identifiers: specific to the security risk of commit impersonation in pinned references, not general commit history management.
Explore 1 awesome GitHub repository matching security & cryptography · Impostor Commit Detection.
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
Identifies pinned references to commits that exist only in forks but appear to belong to the main repository.