Name: zizmor | Distribution: openSUSE Tumbleweed |
Version: 1.3.0 | Vendor: openSUSE |
Release: 1.1 | Build date: Wed Jan 29 07:28:45 2025 |
Group: Unspecified | Build host: reproducible |
Size: 10565209 | Source RPM: zizmor-1.3.0-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://github.com/woodruffw/zizmor | |
Summary: A static analysis tool for GitHub Actions |
zizmor is a static analysis tool for GitHub Actions. It can find many common security issues in typical GitHub Actions CI/CD setups.
MIT
* Wed Jan 29 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.3.0:
  * chore: prep for 1.3.0 release (#500)
  * docs: bump trophies (#499)
  * deps: bump indicatif from 0.17.9 to 0.17.11 (#498)
  * Downgrade tracing-indicatif (#496)
  * docs: bump trophies (#495)
  * ci: attempt to fix arm build (#494)
  * chore(deps): bump the github-actions group with 3 updates (#493)
  * chore(deps): bump the cargo group with 2 updates (#492)
  * refactor: improve context handling (#491)
  * feat(cli): add naches mode (#490)
  * release-notes: record #485 (#489)
  * feat: "raw" audit support + `overprovisioned-secrets` (#485)
  * cli: reduce warning to info when skipping audits (#488)
  * deps: bump github-actions-models (#487)
  * docs: bump trophies (#486)
  * docs: bump trophies (#484)
  * Fix syntax in docs for bot-condition (#483)
  * feat: improve parse error slightly (#482)
  * docs: bump trophies (#481)
  * chore(deps): bump the cargo group with 3 updates (#480)
  * Add slash to avoid redirect (#478)
  * bugfix: collect actions from subdirectories of .github/workflows (#477)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.2:
  * chore: prep for 1.2.2 release (#476)
  * feat: improve error message when repo fetch fails (#475)
  * bugfix: special-case workflow_call in excessive-permissions (#473)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.1:
  * chore: prep 1.2.1 (#470)
  * bugfix: generalize path prefix handling (#469)
  * chore(deps): bump astral-sh/setup-uv from 5.1.0 to 5.2.1 in the github-actions group (#467)
  * docs: try to fix the site (#466)
  * chore: remove site-requirements.txt (#465)

* Mon Jan 20 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.2.0:
  * chore: prep 1.2.0 (#464)
  * bugfix: bump github-actions-models (#463)
  * bugfix: parse multi-line expressions correctly (#461)
  * feat: bot-conditions (#460)
  * ci: pypi: try enabling aarch64 on an ARM runner (#457)
  * docs: typo (#456)
  * docs: add sponsors to README and site (#454)
  * bugfix: sarif: use absolute physical locations only (#453)
  * chore(docs): bump trophies (#451)
  * chore(docs): bump trophies (#450)
  * refactor: reduce invalid states in job APIs (#449)
  * fix: artipacked: check for stringy bools (#448)
  * docs: bump trophies (#446)
  * bugfix: mark another context as safe during injections (#445)
  * docs: bump trophies (#444)
  * docs: bump trophies (#443)
  * docs: bump trophies (#442)
  * refactor: make excessive-permissions more correct (#441)
  * docs: bump trophies (#440)
  * fix: don't flag local workflows in unpinned-uses (#439)

* Tue Jan 14 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.1.1:
  * chore: prep 1.1.1 (#438)
  * chore(deps): bump the cargo group with 4 updates (#434)
  * chore(deps): bump the github-actions group with 2 updates (#436)
  * fix: bump github-actions-models (#437)
  * docs: bump trophies (#430)

* Mon Jan 13 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.1.0:
  This release comes with one new audit (secrets-inherit), plus a slew of bugfixes and internal refactors that unblock future improvements!
  * Added
    - New audit: secrets-inherit detects use of secrets: inherit with reusable workflow calls (#408)
  * Improved
    - The template-injection audit now detects injections in calls to azure/cli and azure/powershell (#421)
  * Fixed
    - The template-injection audit no longer considers github.server_url dangerous (#412)
    - The template-injection audit no longer crashes when evaluating the static-ness of an environment for a uses: step (#420)

* Wed Jan 08 2025 opensuse_buildservice@ojkastl.de
- Update to version 1.0.1:
  This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!
  * Improved
    - The github-env audit now detects dangerous writes to GITHUB_PATH, is more precise, and can produce multiple findings per run block (#391)
  * Fixed
    - workflow_call.secrets keys with missing values are now parsed correctly (#388)
    - The cache-poisoning audit no longer incorrectly treats docker/build-push-action as a publishing workflow if push: false is explicitly set (#389)
    - The template-injection audit no longer considers github.action_path to be a potentially dangerous expansion (#402)
    - The github-env audit no longer skips run: steps with non-trivial shell: stanzas (#403)

* Fri Jan 03 2025 Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package zizmor: a static analysis tool for GitHub Actions
/usr/bin/zizmor
/usr/share/doc/packages/zizmor
/usr/share/doc/packages/zizmor/README.md
/usr/share/licenses/zizmor
/usr/share/licenses/zizmor/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Feb 1 00:38:01 2025