From: Theo Buehler <tb@theobuehler.org>
Subject: [new] zizmor 1.23.1
To: ports@openbsd.org
Date: Tue, 7 Apr 2026 17:30:58 +0200

Relatively traightforward rust port that allows linting github actions.
I saw it mentioned a few times over easter, so I was curious.

Getting rid of jemalloc needed a bit of doing but the end result is not
too bad.

Comment:
static analysis tool for GitHub Actions

Description:
zizmor is a static analysis tool for GitHub Actions.

It can find many common issues in typical GitHub Actions CI/CD setups,
including:

* Template injection vulnerabilities, leading to attacker-controlled
  code execution
* Accidental credential persistence and leakage
* Excessive permission scopes and credential grants to runners
* Impostor commits and confusable git references

Maintainer: The OpenBSD ports mailing-list <ports@openbsd.org>

WWW: https://github.com/zizmorcore/zizmor