From: Theo Buehler <tb@theobuehler.org>
Subject: Re: [new] zizmor 1.23.1
To: ports@openbsd.org
Date: Tue, 7 Apr 2026 17:32:45 +0200

+tarball

On Tue, Apr 07, 2026 at 05:30:58PM +0200, Theo Buehler wrote:
> Relatively straightforward Rust port that allows linting GitHub Actions.
> I saw it mentioned a few times over Easter, so I was curious.
> 
> Getting rid of jemalloc needed a bit of doing but the end result is not
> too bad.
> 
> Comment:
> static analysis tool for GitHub Actions
> 
> Description:
> zizmor is a static analysis tool for GitHub Actions.
> 
> It can find many common issues in typical GitHub Actions CI/CD setups,
> including:
> 
> * Template injection vulnerabilities, leading to attacker-controlled
>   code execution
> * Accidental credential persistence and leakage
> * Excessive permission scopes and credential grants to runners
> * Impostor commits and confusable git references
> 
> Maintainer: The OpenBSD ports mailing-list <ports@openbsd.org>
> 
> WWW: https://github.com/zizmorcore/zizmor
>