1 Repo
Analyzes the use of logic functions in workflows to identify patterns that allow for security bypasses.
Distinct from Input Security Functions: Focuses on the semantic misuse of workflow logic functions (like 'contains') rather than general API or container security
Explore 1 awesome GitHub repository matching security & cryptography · Logic Expression Auditing. Refine with filters or upvote what's useful.
Zizmor is a security linter and static analysis tool designed to audit GitHub Actions workflow files. It functions as a CI/CD security scanner that identifies security vulnerabilities, misconfigurations, and software supply chain risks within automation pipelines. The project distinguishes itself by providing an automated workflow remediator that applies security fixes to identified vulnerabilities. It also implements a language server for integration with code editors and supports a variety of analysis personas to scale the sensitivity and volume of reported findings. The tool covers a broa
Detects insecure use of the contains function that allows for substring bypasses.