ZIP
WinGet
zizmor
William Woodruff · 1.20.0 · x64
Before deploying, verify this file with VirusTotal ↗
Silent Commands
Distributed as a ZIP archive — extract the contents and run the executable directly. No installer is included.
File Identity
Filename
zizmor-x86_64-pc-windows-msvc.zip
Signature
Status
Upload installer to verify signature
Installer Selection
WinGet Package
Package ID
zizmor.zizmor
Version
1.20.0
Description
Static analysis for GitHub Actions.
License
MIT
↗
Homepage
https://zizmor.sh/
Installer URL
https://github.com/zizmorcore/zizmor/releases/download/v1.20.0/zizmor-x86_64-pc-windows-msvc.zip
Upgrade Behavior
install(Install over existing)
Release Notes
Enhancements 🌱🔗
- The excessive-permissions audit is now aware of the artifact-metadata and models permissions (#1461)
- The cache-poisoning audit is now aware of the ramsey/composer-install action (#1489)
- The unpinned-images audit is now significantly more precise in the presence of matrix references, e.g. image: ${{ matrix.image }} (#1482)
Changes ⚠️🔗
- The default policy for the unpinned-uses audit has changed from allowing ref-pinning for first-party actions (those under actions/* and simi…