This page contains abbreviated, user-focused release notes for each version
of zizmor.
- zizmor's finding severities can now be remapped on a per-audit basis. See the configuration for details (#1913)
  Many thanks to @Proximyst for proposing and implementing this improvement!
- New audit: github-app detects dangerous usages of GitHub App installation tokens (#1926)
- @tibdex/github-app-token is now recognized as an archived action by archived-uses (#1910)
- Fixed a crash in the template-injection audit when a workflow uses a parenthesized compound expression in context position (#1904)
- Fixed a bug where local directory input collection could miss workflows for relative-path invocations from within `.github` subdirectories (#1909)
- Fixed a bug where the ref-version-mismatch audit would incorrectly flag some version comments as not containing an appropriate version (#1900)
- zizmor now allows users to audit from stdin, by passing `zizmor -` (#1611)
- The use-trusted-publishing audit now detects `bun publish` and `bunx npm publish` patterns (#1737)
  Many thanks to @shaanmajid for proposing and implementing this improvement!
- zizmor's CLI help and usage output now uses a custom color scheme for improved readability (#1747)
- The secrets-outside-env audit is now configurable with an allowlist of secret names that should not be flagged, even when referenced outside of an environment (#1759)
  Many thanks to @rmuir for proposing and implementing this improvement!
- The dependabot-cooldown audit now emits a pedantic finding whenever it encounters a cooldown used with a multi-ecosystem-group, as the two do not interact well (#1780)
- Recommend `gh release upload` as a replacement for @svenstaro/upload-release-action in superfluous-actions (#1801)
- Recommend `gh issue create` as a replacement for @dacbd/create-issue-action in superfluous-actions (#1873)
- The obfuscation audit now emits a finding for `with: ${{ expr }}` clauses that cannot be analyzed (#1772)
- `zizmor --help` is now rendered with option groups for improved readability (#1831)
  Many thanks to @deckstose for implementing this improvement!
- zizmor's SARIF output now uses codeflows instead of related locations, improving its rendering behavior on GitHub Advanced Security (#1843)
- The ref-version-mismatch audit now uses a more useful audit description for its findings (#1843)
- The unpinned-images audit now produces more precise findings for image references that are computed through expressions (#1756)
  Many thanks to @miketheman for implementing this improvement!
- The ref-version-mismatch audit now detects missing version comments as well (#1849)
  Many thanks to @shaanmajid for proposing and implementing this improvement!
- Fixed a bug where the concurrency-limits audit reported findings at the job level instead of the workflow level (#1627)
- Fixed a bug where `with: ${{ expr }}` clauses would cause a crash. The artipacked audit now emits a pedantic finding on such clauses (#1772)
- Fixed a bug where auto-fixes for the template-injection audit would fail to preserve an environment variable's casing (#1766)
- Fixed a bug where the secrets-outside-env audit would incorrectly flag reusable workflows (#1777)
- Fixed a bug where expressions containing `Infinity` or `NaN` would fail to parse (#1778)
- Fixed several bugs where some parenthetical forms in expressions would fail to parse (#1779, #1856)
- Fixed a bug where expressions with invalid identifiers (such as `-Inf`) would be incorrectly accepted (#1794)
- Fixed a bug where the known-vulnerable-actions audit would fail to handle multiple discrete packages in a single advisory (#1810)
- Fixed a bug where the template-injection audit would incorrectly flag `needs.*.result` as an injection risk in the default persona (#1814)
- Fixed a bug where the unpinned-uses audit would produce incorrect auto-fixes for actions with subpaths (#1841)
- Fixed a bug where the ref-version-mismatch audit would fail to produce findings for comments containing nonexistent refs (#1853)
- Fixed a bug where expressions containing `NaN` would be constant-evaluated incorrectly (#1858)
- Fixed a bug where `nix` would not be recognized as a `package-ecosystem` in `dependabot.yml` (#1867)
- Fixed a bug where the ref-version-mismatch audit would incorrectly parse prerelease version comments (such as `# v6-beta`), causing some findings to appear unresolvable (#1870)
- Fixed a bug where various string comparisons in expressions did not perfectly match GitHub's own special uppercasing semantics (#1879)
- Fixed a bug where zizmor would incorrectly contact `github.com` instead of the user's requested `--gh-hostname` for some online requests (#1874)
- Fixed a bug where the artipacked audit would fail to honor the `--no-online-audits` flag (#1874)
- The secrets-outside-env audit now only flags findings with the 'auditor' persona, due to numerous false positives and negatives caused by GitHub's platform limitations (primarily around interactions between environment secrets and reusable workflows) (#1777)
- zizmor's handling of GitHub Actions expressions has been made stricter, and now rejects unknown functions and function calls with incorrect arities (#1823, #1826)
- The superfluous-actions audit now uses the "pedantic" persona for some findings along with a medium or low confidence marker to signal when an action may not be easily replaced with built-in functionality (#1822, #1859)
- The unpinned-uses audit no longer suggests auto-fixes for Git references that don't look like version tags, such as `main` (#1860)
- The template-injection audit now considers more "URL-shaped" contexts to be fully attacker-controllable, rather than partially controllable (#1868)
- Fixed a bug where zizmor would error if given both a `GH_TOKEN` and a `GITHUB_TOKEN` (or `ZIZMOR_GITHUB_TOKEN`) via the environment (#1724)
- Fixed a bug in template-injection where the `context` input of `docker/build-push-action` was incorrectly considered a code injection sink (#1705)
- The artipacked audit now emits a pedantic finding if `persist-credentials` is an expression (#1735)
- New audit: secrets-outside-env detects usage of the `secrets` context in jobs that don't have a corresponding `environment` (#1599)
- New audit: superfluous-actions detects usage of actions that perform operations already provided by GitHub's own runner images (#1618)
- zizmor's LSP mode is now configuration-aware, and will load configuration files relative to workspace roots (#1555)
- zizmor now reads the `GITHUB_TOKEN` environment variable as an alias/equivalent for `GH_TOKEN` (#1566)
- zizmor now supports inputs that contain duplicated anchor names (#1575)
- zizmor now flags missing cooldowns on `opentofu` ecosystem definitions in Dependabot (again) (#1586)
- zizmor now reads the `ZIZMOR_GITHUB_TOKEN` environment variable as an alias/equivalent for `GH_TOKEN` and `GITHUB_TOKEN` (#1641)
- The SARIF output format now adds `zizmor/confidence`, `zizmor/persona` and `zizmor/severity` to the `properties` of findings (#1656)
- Added awalsh128/cache-apt-pkgs-action as a cache-aware action to the cache-poisoning audit (#1708)
- SARIF categories have been regraded: zizmor's "medium" is changed from SARIF's "warning" to "low" (#1635)
- Fixed a bug where zizmor would crash on `uses:` clauses containing non-significant whitespace while performing the unpinned-uses audit (#1544)
- Fixed a bug in `yamlpath` where sequences containing anchors were splatted instead of being properly nested (#1557)
  Many thanks to @DarkaMaul for implementing this fix!
- Fixed a bug in `yamlpath` where anchor prefixes in sequences and mappings were not stripped during path queries (#1562)
- Fixed a bug where "merge into" autofixes would produce incorrect patches in the presence of multi-byte Unicode characters (#1581)
  Many thanks to @ManuelLerchnerQC for implementing this fix!
- Fixed a bug where the template-injection audit would produce duplicated pedantic-only findings (#1589)
- Fixed a bug where the obfuscation audit would produce incorrect autofixes for a subset of constant-reducible expressions (#1597)
- Fixed a bug where the obfuscation audit would fail to apply fixes to a subset of inputs with leading whitespace (#1597)
- Fixed a bug where the concurrency-limits audit would incorrectly flag reusable-only workflows as needing a `concurrency:` key (#1620)
- Fixed a bug where the known-vulnerable-actions audit would fail when applying some fixes (#1640)
  Many thanks to @reubenwong97 for implementing this fix!
- Fixed a bug where the `pre-commit` ecosystem was not recognized in Dependabot configuration files (#1637)
- Fixed a bug where the template-injection audit would incorrectly flag `github.triggering_actor` as an injection risk in the default persona (#1645)
- Fixed a bug where zizmor's expression parser did not correctly handle number literals in GitHub Actions expressions (#1625)
- Fixed a bug where the template-injection audit would crash on some forms of multi-line expressions (#1669)
- Fixed a bug where deserialization of a workflow containing fractional minutes would fail (#1675)
- Fixed a bug where deserialization of a workflow containing a `workflow_run` trigger with a scalar `types` would fail (#1676)
- Fixed a bug where zizmor would crash on workflows containing bare numeric values in `if:` conditions (#1683)
- Fixed a bug where GitHub Actions expression string comparisons were not case-insensitive (#1687)
- Fixed a bug in `yamlpath` where resolving an alias to an anchored scalar would navigate the wrong parent tree (#1732)
- The misfeature audit now only shows non-"well known" `shell:` findings when running with the "auditor" persona (#1532)
- Fixed a bug where inputs containing CRLF line endings were not patched correctly by the unpinned-uses audit (#1536)
- New audit: misfeature detects usage of GitHub Actions features that are considered "misfeatures" (#1517)
- zizmor now uses exit code `3` to signal an audit that has failed because no input files were collected. See the exit code documentation for details (#1515)
- The unpinned-uses audit now supports auto-fixes for many findings (#1525)
- The obfuscation audit no longer flags `shell: cmd`. That check has been moved to the new misfeature audit. Users may need to update their ignore comments and/or configuration (#1517)
- The unpinned-uses audit now flags reusable workflows that are unpinned, in addition to actions (#1509)
  Many thanks to @johnbillion for implementing this fix!
- The excessive-permissions audit is now aware of the `artifact-metadata` and `models` permissions (#1461)
- The cache-poisoning audit is now aware of the @ramsey/composer-install action (#1489)
- The unpinned-images audit is now significantly more precise in the presence of matrix references, e.g. `image: ${{ matrix.image }}` (#1482)
- The default policy for the unpinned-uses audit has changed from allowing ref-pinning for first-party actions (those under `actions/*` and similar) to requiring hash-pinning. This makes the default policy more strict, as well as more consistent across the actions ecosystem. Users who wish to retain the old (permissive) policy for first-party actions may configure it explicitly in their `zizmor.yml`:

  ```yaml
  rules:
    unpinned-uses:
      config:
        policies:
          actions/*: ref-pin
          github/*: ref-pin
          dependabot/*: ref-pin
  ```

- The dependabot-cooldown audit no longer flags missing cooldowns on ecosystems that don't (yet) support cooldowns, such as `opentofu` (#1480)
- Fixed a false positive in the cache-poisoning audit where zizmor would treat empty strings (e.g. `cache: ''`) as enabling rather than disabling caching (#1482)
- Fixed two gaps in the use-trusted-publishing audit's detection of common `yarn` publishing commands (#1495)
- zizmor's configuration now has an official JSON schema that is available via SchemaStore!
  Many thanks to @kiwamizamurai for implementing this improvement!
- New audit: archived-uses detects usages of archived repositories in `uses:` clauses (#1411)
- The use-trusted-publishing audit now detects additional publishing command patterns, including common "wrapped" patterns like `bundle exec gem publish` (#1394)
- zizmor now produces better error messages on a handful of error cases involving invalid input files. Specifically, a subset of syntax and schema errors now produce more detailed and actionable error messages (#1396)
- The use-trusted-publishing audit now detects additional publishing command patterns, including `uv run ...`, `uvx ...`, and `poetry publish` (#1402)
- zizmor now produces more useful and less ambiguous spans for many findings, particularly those from the anonymous-definition audit (#1416)
- zizmor now discovers configuration files named `zizmor.yaml`, in addition to `zizmor.yml` (#1431)
- zizmor now produces a more useful error message when input collection yields no inputs (#1439)
- The `--render-links` flag now allows users to control zizmor's OSC 8 terminal link rendering behavior. This is particularly useful in environments that advertise themselves as terminals but fail to correctly render or ignore OSC 8 links (#1454)
- The impostor-commit audit is now significantly faster on true positives, making true positive detection virtually as fast as true negative detection. In practice, true positive runs are over 100 times faster than before (#1429)
- Fixed a bug where the obfuscation audit would crash if it encountered a CMD shell that was defined outside of the current step block (i.e. as a job or workflow default) (#1418)
- Fixed a bug where the `opentofu` ecosystem was not recognized in Dependabot configuration files (#1452)
- `--color=always` no longer implies `--render-links=always`, as some environments (like GitHub Actions) support ANSI color codes but fail to handle OSC escapes gracefully (#1454)
- The use-trusted-publishing audit now detects NuGet publishing commands (#1369)
- The dependabot-cooldown audit now flags cooldown periods of less than 7 days by default (#1375)
- The dependabot-cooldown audit can now be configured with a custom minimum cooldown period via `rules.dependabot-cooldown.config.days` (#1377)
- zizmor now produces slightly more useful error messages when the user supplies an invalid configuration for the forbidden-uses audit (#1381)
- Fixed additional edge cases where auto-fixes would fail to preserve a document's final newline (#1372)
- zizmor now produces a more useful error message when asked to collect only workflows from a remote input that contains no workflows (#1324)
- zizmor now produces more precise severities on @actions/checkout versions that have more misuse-resistant credentials persistence behavior (#1353)
  Many thanks to @ManuelLerchnerQC for proposing and implementing this improvement!
- The use-trusted-publishing audit now correctly detects more "dry-run" patterns, making it significantly more accurate (#1357)
- The obfuscation audit now detects usages of `shell: cmd` and similar, as the Windows CMD shell lacks a formal grammar and limits analysis of `run:` blocks in other audits (#1361)
- zizmor's core has been refactored to be asynchronous, making online and I/O-heavy audits significantly faster. Typical user workloads should see speedups of 40% to 70% (#1314)
- Fixed a bug where auto-fixes would fail to preserve a document's final newline (#1323)
- zizmor now uses the native (OS) TLS roots when performing HTTPS requests, improving compatibility with user environments that perform TLS interception (#1328)
- The github-env audit now falls back to assuming bash-like shell syntax in `run:` blocks if it can't infer the shell being used (#1336)
- The concurrency-limits audit now correctly detects job-level `concurrency` settings, in addition to workflow-level settings (#1338)
- Fixed a bug where zizmor would fail to collect workflows with names that overlapped with other input types (e.g. `action.yml` and `dependabot.yml`) when passed explicitly by path (#1345)
- Fixed a bug where zizmor would crash on an unexpected caching middleware state. zizmor will now exit with a controlled error instead (#1319)
- The concurrency-limits audit no longer flags explicit user concurrency overrides, e.g. `cancel-in-progress: false` (#1302)
- zizmor now detects CI environments and specializes its panic handling accordingly, improving the quality of panic reports when running in CI (#1307)
- Fixed a bug where zizmor would reject some Dependabot configuration files with logically unsound schedules (but that are accepted by GitHub regardless) (#1308)
- zizmor now produces a more useful error message when asked to indirectly access a nonexistent or private repository via a `uses:` clause (without a sufficiently privileged GitHub token) (#1293)
- New audit: concurrency-limits detects insufficient concurrency limits in workflows (#1227)
  Many thanks to @jwallwork23 for proposing and implementing this audit!
- zizmor's online mode is now significantly (40% to over 95%) faster on common workloads, thanks to a combination of caching improvements and conversion of GitHub API requests into Git remote lookups (#1257)
  Many thanks to @Bo98 for implementing these improvements!
- When running in `--fix` mode and all fixes are successfully applied, zizmor now has similar exit code behavior as the `--no-exit-codes` and `--format=sarif` flags (#1242)
  Many thanks to @cnaples79 for implementing this improvement!
- The dependabot-cooldown audit now supports auto-fixes for many findings (#1229)
  Many thanks to @mostafa for implementing this improvement!
- The dependabot-execution audit now supports auto-fixes for many findings (#1229)
  Many thanks to @mostafa for implementing this improvement!
- zizmor now has limited, experimental support for handling inputs that contain YAML anchors (#1266)
- Fixed a bug where zizmor would fail to parse some Dependabot configuration files due to missing support for some schedule formats (#1247)
- Fixed a bug where zizmor would fail to parse Dependabot configuration files due to missing support for some package ecosystems (#1240)
This release comes with support for auditing Dependabot configuration files! Like with composite action definition auditing (introduced in v1.0.0), Dependabot configuration auditing is enabled by default but can be disabled as part of input collection.
To complement this new functionality, this release comes with two new audits: dependabot-execution and dependabot-cooldown.
- New audit: dependabot-execution detects Dependabot configurations that allow insecure external code execution (#1220)
- New audit: dependabot-cooldown detects Dependabot configurations that do not include cooldown settings, or that set an insufficient cooldown (#1223)
- zizmor now uses `jemalloc` as its default allocator on non-MSVC targets, which should significantly improve performance for Linux and macOS users (#1200)
- zizmor now unconditionally emits its version number to stderr on startup (#1199)
- The ref-version-mismatch audit now supports auto-fixes for many findings (#1205)
  Many thanks to @mostafa for implementing this improvement!
- The impostor-commit audit now supports auto-fixes for many findings (#1090)
  Many thanks to @mostafa for implementing this improvement!
- zizmor is now more resilient to sporadic request failures when performing GitHub API requests (#1219)
- `--collect=dependabot` is now supported as a collection option, allowing users to audit only Dependabot configuration files (#1215)
- The `--fix` mode (introduced with v1.10.0) is now considered stable and no longer experimental (#1232)
- Fixed a bug where zizmor would fail instead of analyzing single-file inputs that lacked an explicit parent path component, e.g. `zizmor foo.yml` instead of `zizmor ./foo.yml` (#1212)
- The `workflows-only` and `actions-only` values for `--collect` are now deprecated. These values have been replaced with `workflows` and `actions`, respectively, which have the same behavior but can be composed together with other collection modes. The deprecated modes will be removed in a future release (#1228). Until removal, using these values will emit a warning.
- Fixed a bug where the use-trusted-publishing audit would produce false positive findings for some `run:` blocks that implicitly performed trusted publishing (#1191)
- Fixed a bug where the ref-version-mismatch audit would incorrectly show the wrong commit SHAs in its findings (#1183)
- New audit: ref-version-mismatch detects mismatches between hash-pinned action references and their version comments (#972)
  Many thanks to @segiddins for implementing this audit!
- zizmor no longer uses the "Unknown" severity or confidence levels for any findings. All findings previously categorized at these levels are now given a more meaningful level (#1164)
- The use-trusted-publishing audit now detects various Trusted Publishing patterns for the npm ecosystem (#1161)
  Many thanks to @KristianGrafana for implementing this improvement!
- The unsound-condition audit now supports auto-fixes for many findings (#1089)
  Many thanks to @mostafa for implementing this improvement!
- zizmor's error handling has been restructured, improving the quality of error messages and their associated suggestions (#1169)
- Fixed a bug where the cache-poisoning audit would fail to detect some cache usage variants in newer versions of `actions/setup-node` (#1152)
- Fixed a bug where the obfuscation audit would incorrectly flag some subexpressions as constant-reducible when they were not (#1170)
- The `unknown` values for `--min-severity` and `--min-confidence` are now deprecated. These values were already no-ops (and have been since introduction), and will be removed in a future release (#1164). Until removal, using these values will emit a warning.
- New audit: undocumented-permissions detects explicit permission grants that lack an explanatory comment (#1131)
  Many thanks to @johnbillion for proposing and implementing this audit!
- zizmor's configuration discovery behavior has been significantly refactored, making it easier to audit multiple independent inputs with their own configuration files (#1094)

  For most users, this change should cause no compatibility issues. For example, the following commands will continue to load the same configuration files as before:

  ```sh
  zizmor .
  zizmor .github/
  ```

  For other users, the behavior will change, but in a way that's intended to correct a long-standing bug with configuration discovery. In particular, the following commands will now behave differently:

  ```sh
  # OLD: would discover config in $CWD
  # NEW: will discover two different configs, one in each of the repos
  zizmor ./repoA ./repoB
  ```

  Separately from these changes, zizmor continues to support `--config <path>` and `ZIZMOR_CONFIG` with the exact same behavior as before. See Configuration - Discovery for a detailed explanation of the new behavior.

- Audit rules can now be disabled entirely in zizmor's configuration. See `rules.<id>.disable` for details (#1132)
- The obfuscation audit now supports auto-fixes for many findings (#1088)
- zizmor now correctly honors `--strict-collection` when collecting from remote inputs. This also means that the default collection strictness has changed for remote inputs to match all other inputs (#1122)
- Fixed a bug where zizmor would crash on certain UTF-8 inputs lacking an explicit final newline due to a bug in the `annotate-snippets` crate (#1136)
- Fixed a bug where the cache-poisoning audit would incorrectly detect the opposite cases for cache enablement (#1081)
- New audit: unsound-condition detects `if:` conditions that inadvertently always evaluate to `true` (#1053)
- The cache-poisoning audit now supports auto-fixes for many findings (#923)
- The known-vulnerable-actions audit now supports auto-fixes for many findings (#1019)
- zizmor is now stricter about parsing `uses:` clauses. In particular, zizmor will no longer accept `uses: org/repo` without a trailing `@ref`, as GitHub Actions itself does not accept this syntax (#1019)
- The use-trusted-publishing audit now detects many more patterns, including `cargo publish` and other `run:` blocks that make use of publishing commands directly (#1042)
- The insecure-commands audit now supports auto-fixes for many findings (#1045)
- The template-injection audit now detects more action injection sinks (#1059)
- Fixed a bug where `--fix` would fail to preserve comments when modifying block-style YAML mappings (#995)
- Fixed a bug where zizmor would crash when given a GitHub API token with leading or trailing whitespace (#1027)
- Fixed a bug where template-injection findings in `--fix` mode would be incorrectly patched when referencing an `env.*` context (#1052)
- Fixed a bug where template-injection findings in `--fix` mode would be patched with shell syntax that didn't match the step's actual shell (#1064)
- zizmor now has experimental support for IDE/editor integrations via `zizmor --lsp`; see the IDE integration documentation for more information (#984)
- The bot-conditions audit now supports auto-fixes for many findings (#921)
- The bot-conditions audit now produces findings on triggers other than `pull_request_target` (#921)
- Fixed a bug where zizmor would crash when attempting to extract subfeatures from features containing non-ASCII codepoints (#989)
This is a huge new release, with multiple new features, enhancements, and bugfixes!
- New audit: anonymous-definition detects unnamed workflows and actions. Definitions without a `name:` field appear anonymously in the GitHub Actions UI, making them harder to distinguish (#937)
  Many thanks to @andrewpollack for implementing this audit!
- Auto-fix mode: zizmor now experimentally supports `--fix=[MODE]`, which enables the brand new auto-fix mode. This mode can automatically fix a subset of zizmor's findings. For this experimental release, auto-fixes are available for findings from the following audits:
  - artipacked: zizmor will attempt to add `persist-credentials: false` to `actions/checkout` steps that do not already have it.
  - template-injection: zizmor will attempt to rewrite `run:` blocks containing `${{ foo.bar }}` to use `${FOO_BAR}` instead, and will add an appropriate `env:` block to set `FOO_BAR` to the expression's evaluation.

  Read more about the new auto-fix mode in the documentation.
  Many thanks to @mostafa for implementing this feature!
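The template-injection auto-fix described in the entry above can be shown end to end on a constructed step. The following Python is an added example written for these notes and is not zizmor's own implementation: it takes a step as a plain dictionary (so it runs without a YAML library), moves every `${{ ... }}` expression out of the `run:` script into `env:`, and rewrites the script to read the value as a shell variable instead. That is the property the fix buys: a context an attacker can influence is no longer pasted into the script text before the shell parses it, but arrives as ordinary environment-variable data. Two details recorded elsewhere in these notes are folded in: an existing `env:` entry for the same expression is reused with its casing preserved, and the variable syntax follows the step's declared `shell:` (bash-style `${NAME}` versus PowerShell's `${env:NAME}`). The sample step, the `FOO_BAR` naming rule as implemented here, the shell table and the `render` helper are assumptions of this example.

```python
import re

# Matches one GitHub Actions expression such as `${{ github.event.issue.title }}`.
# Expressions whose body itself contains `}` (e.g. inside string literals) are out of scope.
EXPR_RE = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")

# Shell-variable syntax per declared `shell:` (assumed table for this example). An
# undeclared shell is treated as bash-like, matching the github-env audit's fallback.
SHELL_VAR_SYNTAX = {
    None: "${%s}",
    "bash": "${%s}",
    "sh": "${%s}",
    "pwsh": "${env:%s}",
    "powershell": "${env:%s}",
}

# Constructed sample step (not from a real workflow). The `run:` script interpolates an
# attacker-influenced context (an issue title) straight into shell text, which is the
# pattern the template-injection audit flags. It already carries one `env:` entry, in
# mixed case, whose value is an expression that also appears in the script.
SAMPLE_STEP = {
    "name": "Greet the issue author",
    "shell": "bash",
    "run": 'echo "Issue: ${{ github.event.issue.title }}"\necho "By: ${{ github.actor }}"',
    "env": {"actor_name": "${{ github.actor }}"},
}


def env_name(expr):
    """Derive an environment variable name: `foo.bar` -> `FOO_BAR` (assumed rule)."""
    return re.sub(r"[^A-Za-z0-9]+", "_", expr).strip("_").upper()


def harden_step(step):
    """Return a copy of `step` whose `run:` script no longer interpolates expressions.

    Every `${{ expr }}` in the script becomes a shell-variable read, and `env:` gains an
    entry that sets that variable to the expression. The input dictionary is left as is.
    """
    run = step.get("run")
    if run is None:
        return dict(step)
    shell = step.get("shell")
    if shell not in SHELL_VAR_SYNTAX:
        raise ValueError(f"unsupported shell for rewriting: {shell!r}")
    template = SHELL_VAR_SYNTAX[shell]

    env = dict(step.get("env") or {})
    # Expressions that already have an env entry keep that entry's name and casing.
    existing = {}
    for name, value in env.items():
        match = EXPR_RE.fullmatch(value.strip()) if isinstance(value, str) else None
        if match:
            existing[match.group(1).strip()] = name

    def replace(match):
        expr = match.group(1).strip()
        name = existing.get(expr)
        if name is None:
            name = env_name(expr)
            env[name] = "${{ %s }}" % expr
            existing[expr] = name
        return template % name

    hardened = dict(step)
    hardened["run"] = EXPR_RE.sub(replace, run)
    hardened["env"] = env
    return hardened


def render(step):
    """Minimal YAML-like rendering for eyeballing the before/after (no YAML library needed)."""
    lines = []
    for key, value in step.items():
        if key == "env":
            lines.append("env:")
            lines.extend(f"  {k}: {v}" for k, v in value.items())
        elif "\n" in str(value):
            lines.append(f"{key}: |")
            lines.extend(f"  {line}" for line in value.split("\n"))
        else:
            lines.append(f"{key}: {value}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("# before\n" + render(SAMPLE_STEP))
    print("\n# after\n" + render(harden_step(SAMPLE_STEP)))
```

Run it directly to see the step before and after. A step with no `run:` is returned unchanged, and a shell this table does not know raises rather than guessing a syntax, which is the safer failure mode for a rewrite that changes how a script reads untrusted data.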
- The artipacked audit now produces findings on composite action definitions, rather than just workflow definitions (#896)
- The use-trusted-publishing audit now produces findings on composite action definitions, rather than just workflow definitions (#899)
- The bot-conditions audit now detects more spoofable actor checks, including checks against well-known user IDs for bot accounts (#905)
- The template-injection and other audits now produce more precise findings when analyzing `env` context accesses for static-ness (#911)
- The template-injection audit now produces more precise findings when analyzing `inputs` context accesses (#919)
- zizmor now produces more descriptive error messages when it fails to parse a workflow or action definition (#956)
- The bot-conditions audit now returns precise spans for flagged actor checks, instead of flagging the entire `if:` value (#949)
- The template-injection audit now returns precise spans for flagged contexts and expressions, instead of flagging the entire script block (#958)
- The obfuscation audit now returns precise spans for flagged expressions (#969)
- The obfuscation audit now detects computed indices (e.g. `inputs.foo[inputs.bar]`) as a potentially obfuscatory pattern (#969)
- The template-injection audit no longer crashes when attempting to evaluate the static-ness of an environment context within a composite action `uses:` step (#887)
- The bot-conditions audit now correctly analyzes index-style contexts, e.g. `github['actor']` (#905)
- Fixed a bug where zizmor would fail to parse expressions that contained `>=` or `<=` (#916)
- Fixed a bug where zizmor would fail to parse expressions containing contexts with interstitial whitespace (#958)
- zizmor now supports generating completions for Nushell (#838)
- The template-injection audit has been rewritten, and is now significantly more precise and general over contexts supplied via GitHub's webhook payloads (i.e. `github.event.*`) (#745)
- The template-injection audit now detects vulnerable template injections in more actions inputs, thanks to an integration with CodeQL's sink metadata (#849)
- The insecure-commands audit now correctly detects different truthy values in `ACTIONS_ALLOW_UNSECURE_COMMANDS` (#840)
- The template-injection audit now correctly emits pedantic findings in a blanket manner, rather than filtering them based on the presence of other findings (#745)
- CLI: Fixed a misleading error message when zizmor is used with a GitHub host other than `github.com` (#863)
- zizmor's website has changed! The new website is hosted at docs.zizmor.sh. The old website will redirect to the new one for a while, but users should update any old links in preparation for the v1.8.0 release, which will likely remove the redirects entirely (#769)
- zizmor is now hosted under the @zizmorcore GitHub organization as @zizmorcore/zizmor. The old repository at @woodruffw/zizmor will redirect to the new one, but users should update any old links to limit confusion
- zizmor now supports the `ZIZMOR_CONFIG` environment variable as an alternative to `--config` (#789)
- The template-injection audit no longer produces false positive findings on alternative representations of the same context pattern. For example, `github.event.pull_request.head.sha` is considered safe but `github['event']['pull_request']['head']['sha']` was not previously detected as equivalent to it (#800, #806)
This release comes with four new audits: obfuscation, stale-action-refs, unsound-contains, and unpinned-images. It also includes several improvements to existing audits and zizmor's output formats and error reporting behavior.
Additionally, this release comes with bugfixes for the SARIF output format as well as input collection in some edge cases when collecting from remote repositories.
- New audit: The obfuscation audit detects obfuscatory patterns in GitHub Actions usages. These patterns are not themselves dangerous, but may indicate an attempt to obscure malicious behavior (#683)
- New audit: The stale-action-refs pedantic audit detects pinned action references which don't point to a Git tag (#713)
  Many thanks to @Marcono1234 for proposing and implementing this audit!
- New audit: The unsound-contains audit detects uses of the `contains()` function that can be bypassed (#577)
  Many thanks to @Holzhaus for proposing and implementing this audit!
- New audit: The unpinned-images audit detects uses of Docker images that are unpinned or pinned to `:latest` (#733)
  Many thanks to @trumant for proposing and implementing this audit!
- zizmor now reports much clearer error messages when auditing fails due to an invalid workflow or action definition (#719)
  Many thanks to @reandreev for implementing these improvements!
- zizmor now has a `--strict-collection` flag that turns skipped workflow or action definition warnings into errors. Passing this flag changes zizmor's behavior back to the default in v1.6.0 and earlier, which was to terminate the audit if any collected input could not be parsed (#734)
- The forbidden-uses audit can now be configured with patterns that match exact `uses:` clauses, including refs. For example, exactly `actions/checkout@v4` can now be explicitly allowed or forbidden, rather than every ref that matches `actions/checkout` (#750)
- zizmor now has a `--completions=<shell>` flag that generates shell completion scripts (#765)
- The SARIF output format now uses `zizmor/{id}` for rule IDs instead of bare IDs, reducing the chance of conflict or confusion with other tools (#710)
- The SARIF output format now includes a rule name for each rule descriptor, which should improve rendering behavior in SARIF viewers like the VS Code SARIF Viewer extension (#710)
- Fixed a bug where zizmor would fail to collect actions defined within subdirectories of `.github/workflows` when collecting from a remote source (#731)
- Starting with v1.8.0,
zizmorwill migrate from @woodruffw on GitHub to @zizmorcore. This should not cause any breakage as GitHub will handle redirects, but users who explicitly reference @woodruffw/zizmor should consider updating their references to @zizmorcore/zizmor once the migration occurs. See #758 for details.
- New audit: The forbidden-uses audit is a configurable audit that allows allow- or denylisting of entire orgs, repos, or specific action patterns. This audit must be configured; by default it has no effect (#664)
Many thanks to @Holzhaus for proposing and initiating this new audit!
- `zizmor` now supports `--format=github` as an output format. This format produces check annotations via GitHub workflow commands, e.g. `::warning` and `::error`. See the Output formats documentation for more information on annotations, including key limitations (#634)
- The unpinned-uses audit has been completely rewritten, with two key changes:
  - The audit now has configurable policies that give users more control over the audit's behavior. In particular, users can now define policies that mirror their actual threat model, such as trusting their own GitHub organizations while leaving others untrusted.
  - The audit's default policy is more precise and conservative: official GitHub actions (e.g. those under `actions/*` and similar) are allowed to be pinned by branch or tag, but all other actions are required to be pinned by SHA. This is a change from the previous policy, which was to only flag completely unpinned actions by default.
Many thanks to @Holzhaus for motivating this change! (#663, #574)
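As an added example (not zizmor's own code), the following Python models the two policies described in these notes: the rewritten unpinned-uses default, where actions under `actions/*` may be pinned by tag or branch while everything else must be pinned by SHA, and forbidden-uses patterns that match either an exact `uses:` clause including its ref or every ref of an action or org. The pattern syntax, the policy dictionary shape and the finding messages are this example's assumptions, and because the "similar" official orgs in zizmor's real default are not named on the page, only `actions/*` is trusted for ref pins here.

```python
import re
from dataclasses import dataclass
from typing import Optional

# A hash pin is a full 40-hex-digit commit SHA; any other ref is a tag or branch.
SHA_RE = re.compile(r"[0-9a-f]{40}")


@dataclass(frozen=True)
class Uses:
    owner: str
    repo: str
    subpath: Optional[str]  # e.g. a nested action inside the repository
    ref: Optional[str]


def parse_uses(clause: str) -> Optional[Uses]:
    """Parse a repository `uses:` clause such as `actions/checkout@v4`. Local
    (`./...`) and Docker (`docker://...`) uses carry no GitHub ref: return None."""
    if clause.startswith("./") or clause.startswith("docker://"):
        return None
    path, _, ref = clause.partition("@")
    parts = path.split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"malformed uses clause: {clause!r}")
    return Uses(parts[0], parts[1], "/".join(parts[2:]) or None, ref or None)


def pin_kind(uses: Uses) -> str:
    if uses.ref is None:
        return "unpinned"
    return "hash-pin" if SHA_RE.fullmatch(uses.ref) else "ref-pin"


# Assumed policy shape: pattern -> weakest acceptable pin; the most specific
# pattern wins. Only actions/* is trusted for ref pins here, because the other
# official orgs in zizmor's real default are not named on the page.
DEFAULT_POLICY = {"actions/*": "ref-pin", "*": "hash-pin"}
PIN_RANK = {"unpinned": 0, "ref-pin": 1, "hash-pin": 2}


def required_pin(uses: Uses, policy: dict) -> str:
    for pattern in (f"{uses.owner}/{uses.repo}", f"{uses.owner}/*", "*"):
        if pattern in policy:
            return policy[pattern]
    return "hash-pin"  # fail closed when the policy has no catch-all entry


def unpinned_uses_finding(clause: str, policy: dict = DEFAULT_POLICY) -> Optional[str]:
    """Return a finding message if `clause` is pinned more weakly than the policy requires."""
    uses = parse_uses(clause)
    if uses is None:
        return None  # local and Docker uses are out of scope for this audit
    have, need = pin_kind(uses), required_pin(uses, policy)
    if PIN_RANK[have] < PIN_RANK[need]:
        return f"{clause}: {have}, policy requires {need}"
    return None


def forbidden_uses_match(pattern: str, clause: str) -> bool:
    """A pattern containing '@' matches only that exact clause, ref included;
    'owner/*' matches every action in the org; 'owner/repo' matches every ref."""
    if "@" in pattern:
        return pattern == clause
    uses = parse_uses(clause)
    if uses is None:
        return False
    if pattern.endswith("/*"):
        return uses.owner == pattern[:-2]
    return pattern == f"{uses.owner}/{uses.repo}"


def forbidden_uses_findings(clauses: list, denylist: list) -> list:
    """Clauses that match any denylist pattern (an allowlist is the inverse test)."""
    return [c for c in clauses if any(forbidden_uses_match(p, c) for p in denylist)]
```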
- The SARIF output format now marks each rule as a "security" rule, which helps GitHub's presentation of the results (#631)
- The template-injection audit now performs dataflow analysis to determine whether contexts actually expand in an unsafe manner, making it significantly more accurate (#640)
- The cache-poisoning audit is now aware of @jdx/mise-action (#645)
- The cache-poisoning audit is now significantly more accurate when analyzing workflows that use @docker/setup-buildx-action (#644)
- `--format=json` is now an alias for `--format=json-v1`, enabling future JSON formats. The policy for the `--format=json` alias is documented under Output formats - JSON (#657)
- Configuration file loading is now stricter, and produces a more useful error message when the configuration file is invalid (#663)
- The template-injection audit no longer considers `github.event.pull_request.head.sha` dangerous (#636)
- Fixed a bug where `zizmor` would fail to parse workflows with `workflow_call` triggers that specified inputs without the `required` field being present (#646)
- Fixed a bug where `zizmor` would fail to parse workflows with `pull_request` or `pull_request_target` triggers that specified `types` as a scalar value (#653)
- Fixed a crash where `zizmor` would fail to generate correct concrete location spans for YAML inputs with comments inside block sequences (#660)
- The template-injection audit no longer considers `github.job` dangerous (#661)
- The template-injection audit no longer considers `github.event.pull_request.head.repo.fork` dangerous (#675)
- Fixed a bug where `zizmor` would over-eagerly parse invalid and commented-out expressions, resulting in spurious warnings (#570)
- Fixed a bug where `zizmor` would fail to honor `# zizmor: ignore[rule]` comments in unintuitive cases (#612)
- Fixed a regression in `zizmor`'s SARIF output format that caused suboptimal presentation of findings on GitHub (#621)
- The official PyPI builds for `zizmor` will support fewer architectures in the next release, due to cross-compilation and testing difficulties. This should have no effect on the overwhelming majority of users. See #603 for additional details.
- Fixed a bug where `zizmor` would fail to honor `.gitignore` files when a `.git/` directory is not present (#598)
- The overprovisioned-secrets audit now detects indexing operations on the `secrets` context that result in overprovisioning (#573)
- `zizmor` now ignores patterns in `.gitignore` (and related files, like `.git/info/exclude`) by default when performing input collection. This makes input collection significantly faster for users with local development state and more closely reflects typical user expectations. Users who wish to explicitly collect everything regardless of ignore patterns can continue to use `--collect=all` (#575)
- `zizmor` now has a `--no-progress` flag that disables progress bars, even if the terminal supports them (#589)
- `zizmor` now has a `--color` flag that controls when `zizmor`'s output is colorized (beyond basic terminal detection) (#586)
- Fixed `zizmor`'s path presentation behavior to correctly present unambiguous paths in both SARIF and "plain" outputs when multiple input directories are given (#572)
This is a small corrective release for v1.4.0.
- Findings produced by (unredacted-secrets) now use the correct ID and link to the correct URL in the audit documentation (#566)
This release comes with one new audit (unredacted-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with improvements to SARIF presentation, ignore comments, as well as an official Docker image!
- `zizmor` now has official Docker images! You can find them on the GitHub Container Registry under `ghcr.io/zizmorcore/zizmor` (#532)
- New audit: unredacted-secrets detects secret accesses that are not redacted in logs (#549)
- SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528)
- `# zizmor: ignore[rule]` comments can now have trailing explanations, e.g. `# zizmor: ignore[rule] because reasons` (#531)
- The bot-conditions audit now detects `github.triggering_actor` as another spoofable actor check (#559)
- Fixed a bug where `zizmor` would fail to parse workflows with `workflow_dispatch` triggers that contained non-string inputs (#563)
- The next minor release of `zizmor` will be built with Rust 2024. This should have no effect on most users, but may require users who build `zizmor` from source to update their Rust toolchain.
- Passing both `--offline` and a GitHub token (either implicitly with `GH_TOKEN` or explicitly with `--gh-token`) no longer results in an error. `--offline` is now given precedence, regardless of any other flags or environment settings (#519)
- Fixed a bug where `zizmor` would fail to parse composite actions with inputs/outputs that are missing descriptions (#502)
- Expressions that contain indices with non-semantic whitespace are now parsed correctly (#511)
- Fixed a false positive in ref-confusion where partial tag matches were incorrectly considered confusable (#519)
- Fixed a bug where `zizmor` would fail to parse workflow definitions with an expression inside `strategy.max-parallel` (#522)
This release comes with one new audit (overprovisioned-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with a special easter egg for those who wish to kvell about their audit results.
- New audit: overprovisioned-secrets detects uses of the `secrets` context that result in excessive secret provisioning (#485)
- Added a special naches mode for when you're feeling particularly proud of your audit results (#490)
- `zizmor` produces slightly more informative error messages when given an invalid input file (#482)
- Case insensitivity in contexts is now handled more consistently and pervasively (#491)
- Fixed a bug where `zizmor` would fail to discover actions within subdirectories of `.github/workflows` (#477)
- Fixed a bug where `zizmor` would fail to parse composite action definitions with no `name` field (#487)
- The excessive-permissions audit is now more precise about both reusable workflows and reusable workflow calls (#473)
- Fetch failures when running `zizmor org/repo` are now more informative (#475)
This is a small corrective release for some SARIF behavior that changed with v1.2.0.
- SARIF outputs now use relative paths again, but more correctly than before v1.2.0 (#469)
This release comes with one new audit (bot-conditions), plus a handful of bugfixes and analysis improvements to existing audits.
One bugfix in this release is also a slight behavior change: zizmor
now emits SARIF outputs with absolute paths. This should not affect most
users, but may make it slightly harder to share SARIF outputs between
machines without fully reproducing exact file paths. If this affects
you, please let us know!
- New audit: bot-conditions detects spoofable uses of `github.actor` within dangerous triggers (#460)
- The unpinned-uses audit no longer flags local reusable workflows or actions as unpinned/unhashed (#439)
- The excessive-permissions audit has been refactored, and better captures both true positive and true negative cases (#441)
- The SARIF output mode (`--format=sarif`) now always returns absolute paths in its location information, rather than attempting to infer a (sometimes incorrect) repository-relative path (#453)
- `zizmor` now provides `manylinux` wheel builds for `aarch64` (#457)
- The template-injection audit no longer considers `github.event.pull_request.base.sha` dangerous (#445)
- The artipacked audit now correctly handles the strings `'true'` and `'false'` as their boolean counterparts (#448)
- Expressions that span multiple source lines are now parsed correctly (#461)
- Workflows that contain `timeout-minutes: ${{ expr }}` are now parsed correctly (#462)
- Fixed a regression where workflows with calls to unpinned reusable workflows would fail to parse (#437)
This release comes with one new audit (secrets-inherit), plus a slew of bugfixes and internal refactors that unblock future improvements!
- New audit: secrets-inherit detects use of `secrets: inherit` with reusable workflow calls (#408)
- The template-injection audit now detects injections in calls to @azure/cli and @azure/powershell (#421)
- The template-injection audit no longer considers `github.server_url` dangerous (#412)
- The template-injection audit no longer crashes when evaluating the static-ness of an environment for a `uses:` step (#420)
This is a small quality and bugfix release. Thank you to everybody who helped by reporting and shaking out bugs from our first stable release!
- The github-env audit now detects dangerous writes to `GITHUB_PATH`, is more precise, and can produce multiple findings per run block (#391)
- `workflow_call.secrets` keys with missing values are now parsed correctly (#388)
- The cache-poisoning audit no longer incorrectly treats `docker/build-push-action` as a publishing workflow if `push: false` is explicitly set (#389)
- The template-injection audit no longer considers `github.action_path` to be a potentially dangerous expansion (#402)
- The github-env audit no longer skips `run:` steps with non-trivial `shell:` stanzas (#403)
This is the first stable release of zizmor!
Starting with this release, zizmor will use Semantic Versioning for
its versioning scheme. In short, this means that breaking changes will only
happen with a new major version.
This stable release comes with a large number of new features as well as stability commitments for existing features; read more below!
- Composite actions (i.e. `action.yml` where the action is not a Docker or JavaScript action) are now supported, and are audited by default when running `zizmor` on a directory or remote repository (#331)

  !!! tip

      Composite action discovery and auditing can be disabled by passing `--collect=workflows-only`. Conversely, workflow discovery and auditing can be disabled by passing `--collect=actions-only`.

  See #350 for the status of each audit's support for analyzing composite actions.
- The GitHub host to connect to can now be configured with `--gh-hostname` or `GH_HOST` in the environment (#371). This can be used to connect to a GitHub Enterprise (GHE) instance instead of the default `github.com` instance.
- The cache-poisoning audit is now aware of common publishing actions and uses them to determine whether to produce a finding (#338, #341)
- The cache-poisoning audit is now aware of configuration-free caching actions, such as @Mozilla-Actions/sccache-action (#345)
- The cache-poisoning audit is now aware of even more caching actions (#346)
- The cache-poisoning audit is now aware of common publishing triggers (such as pushing to a release branch) and uses them to determine whether to produce a finding (#352)
- The github-env audit is now significantly more precise on `bash` and `pwsh` inputs (#354)
- The excessive-permissions audit is now less noisy on single-job workflows (#337)
- Expressions like `function().foo.bar` are now parsed correctly (#340)
- The cache-poisoning defaults for `setup-go` were fixed (#343)
- `uses:` matching is now case-insensitive where appropriate (#353)
- Quoted YAML keys (like `'on': foo`) are now parsed correctly (#368)
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.9.2...v0.10.0
- feat: handle powershell in github-env audit by @woodruffw in #227
- feat: template-injection: filter static envs by @woodruffw in #318
- feat: add 'primary' locations by @woodruffw in #328
- feat: initial cache-poisoning audit by @ubiratansoares in #294
- feat: Fix Sarif schema and add rules to Sarif files by @fcasal in #330
- fix: template-injection: more safe contexts by @woodruffw in #309
- fix: expands_to_static_values considers expressions inside strings by @woodruffw in #317
- fix: sarif: add result and kind by @woodruffw in #68
- fix: sarif: use ResultKind for kind by @woodruffw in #326
- refactor: use http-cache for caching, optimize network calls by @woodruffw in #304
- docs: support commits in trophy case by @woodruffw in #303
- docs: Fix typo in development.md by @JustusFluegel in #305
- @jsoref made their first contribution in #299
- @JustusFluegel made their first contribution in #305
- @fcasal made their first contribution in #330
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.9.1...v0.9.2
- fix: template-injection: consider runner.tool_cache safe by @woodruffw in #297
- docs: more trophies by @woodruffw in #296
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.9.0...v0.9.1
- fix: dont crash when an expression does not expand a matrix by @ubiratansoares in #284
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.8.0...v0.9.0
- refactor: experiment with tracing by @woodruffw in #232
- feat: remove --no-progress by @woodruffw in #248
- fix: handle non-static env: in job steps by @woodruffw in #246
- fix: template-injection: ignore another safe context by @woodruffw in #254
- fix: download both .yml and .yaml from repos by @woodruffw in #265
- fix: bump annotate-snippets to fix crash by @woodruffw in #264
- fix: move artipacked pendantic finding to auditor by @woodruffw in #272
- fix: template-injection: ignore runner.temp by @woodruffw in #277
- feat: evaluates a matrix expansion only once by @ubiratansoares in #274
- docs: document installing with PyPI by @woodruffw in #242
- docs: add a trophy case by @woodruffw in #243
- docs: update pre-commit docs to point to new repo by @woodruffw in #247
- docs: switch GHA example to uvx by @woodruffw in #255
- docs: add template-injection tips by @woodruffw in #259
- docs: audits: add another env hacking reference by @woodruffw in #266
- docs: Rename "unsecure" to insecure by @szepeviktor in #270
- docs: more trophies by @woodruffw in #276
- docs: make the trophy case prettier by @woodruffw in #279
- @szepeviktor made their first contribution in #270
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.7.0...v0.8.0
- feat: remote auditing by @woodruffw in #230
- fix: template-injection: ignore issue/PR numbers by @woodruffw in #238
- docs: restore search plugin by @lazka in #239
- @lazka made their first contribution in #239
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.6.0...v0.7.0
- Split unpinned-uses into two separate checks by @funnelfiasco in #205
- feat: even more precision for bash steps in github-env by @ubiratansoares in #208
- feat: add Step::default_shell by @woodruffw in #213
- feat: handle `shell: sh` in github-env by @woodruffw in #216
- feat: primitive Windows batch handling in github-env by @woodruffw in #217
- feat: unpinned-uses: make unhashed check pedantic for now by @woodruffw in #219
- feat: add personas by @woodruffw in #226
- fix: bump github-actions-models by @woodruffw in #211
- docs: tweak installation layout by @woodruffw in #223
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.5.0...v0.6.0
This is one of zizmor's bigger recent releases! Key enhancements include:
- A new `github-env` audit that detects dangerous `GITHUB_ENV` writes, courtesy of @ubiratansoares
- The `--min-severity` and `--min-confidence` flags for filtering results, courtesy (in part) of @Ninja3047
- Support for `# zizmor: ignore[rule]` comments, courtesy of @ubiratansoares
- feat: adds support to inlined ignores by @ubiratansoares in #187
- feat: add `--min-severity` by @woodruffw in #193
- feat: add `--min-confidence` by @Ninja3047 in #196
- feat: adds new github-env audit by @ubiratansoares in #192
- feat: improve precision for github-env by @woodruffw in #199
- feat: generalized ignore comments by @woodruffw in #200
- docs: document ignore comments by @woodruffw in #190
- docs: usage: add note about support for ignore comments by @woodruffw in #191
- docs: add page descriptions by @woodruffw in #194
- docs: add more useful 3p references by @woodruffw in #198
- @Ninja3047 made their first contribution in #196
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.4.0...v0.5.0
- feat: improve workflow registry error by @woodruffw in #172
- feat: unsecure-commands-allowed audit by @ubiratansoares in #176
- docs: rewrite audit docs by @woodruffw in #167
- docs: enable social card generation by @miketheman in #175
- docs: more badges by @woodruffw in #180
- docs: adds recommentations on how to add or change audits by @ubiratansoares in #182
- @chenrui333 made their first contribution in #90
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.3.2...v0.4.0
- Fix singular and plural for 'findings' by @hugovk in #162
- feat: unpinned-uses audit by @woodruffw in #161
- Fix typos including `github.repostoryUrl` -> `github.repositoryUrl` by @hugovk in #164
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.3.1...v0.3.2
- fix(cli): remove '0 ignored' from another place by @woodruffw in #157
- perf: speed up impostor-commit's fast path by @woodruffw in #158
- fix(cli): fixup error printing by @woodruffw in #159
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.3.0...v0.3.1
- feat(cli): don't render "0 ignored" by @woodruffw in #148
- feat: --no-exit-codes + sarif tweaks by @woodruffw in #154
- @baggiponte made their first contribution in #150
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.2.1...v0.3.0
- feat: exit code support by @woodruffw in #133
- fix: github.event.merge_group.base_sha is a safe context by @woodruffw in #137
- fix: exclude information about the repo and owner by @funnelfiasco in #136
- feat: add `--no-config` by @woodruffw in #142
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.2.0...v0.2.1
- refactor: clean up expr APIs slightly by @woodruffw in #126
- feat: Exclude safe values from template injection rule by @funnelfiasco in #128
- fix: bump github-actions-models by @woodruffw in #131
- feat: analyze expressions for safety by @woodruffw in #127
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.6...v0.2.0
- chore: add description to `--help` by @woodruffw in #111
- fix: bump github-actions-models by @woodruffw in #112
- feat: improves plain output with audit confidence by @ubiratansoares in #119
- fix: bump github-actions-models by @woodruffw in #120
- docs: improve usage page and options for sarif and code scanning by @tobiastornros in #121
- feat: configuration file support by @woodruffw in #116
- @dependabot made their first contribution in #118
- @tobiastornros made their first contribution in #121
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.5...v0.1.6
- feat: accept multiple arguments as inputs by @miketheman in #104
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.4...v0.1.5
- Exclude `github.run_*` from template injection check by @funnelfiasco in #92
- fix(ci): move read permissions to job scope by @miketheman in #95
- fix: links in README.md by @dmwyatt in #96
- test: adds acceptance tests on top of json-formatted output by @ubiratansoares in #97
- docs: add an example GHA workflow by @woodruffw in #98
- docs: update readme by @miketheman in #100
- docs: show example for usage in private repos by @miketheman in #99
- @funnelfiasco made their first contribution in #92
- @dmwyatt made their first contribution in #96
- @ubiratansoares made their first contribution in #97
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.3...v0.1.4
- perf: Enable Link-Time Optimization (LTO) by @zamazan4ik in #81
- feat: begin prepping zizmor's website by @woodruffw in #78
- fix: Always use the plain formatter even when the output is not a terminal by @asmeurer in #83
- feat: show version by @miketheman in #84
- fix: finding url link to audits doc by @amenasria in #87
- @zamazan4ik made their first contribution in #81
- @asmeurer made their first contribution in #83
- @amenasria made their first contribution in #87
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.2...v0.1.3
- fix: use relative workflow paths in SARIF output by @woodruffw in #77
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.1...v0.1.2
- feat: github.ref_name is always an injection risk by @woodruffw in #67
- Create workflow that runs zizmor latest by @colindean in #71
- Link to GitHub workflow examples by @ncoghlan in #70
- docs: add homebrew install by @miketheman in #74
- fix: bump github-actions-models by @woodruffw in #75
- @colindean made their first contribution in #71
- @ncoghlan made their first contribution in #70
Full Changelog: https://github.com/zizmorcore/zizmor/compare/v0.1.0...v0.1.1
- Fix typo: security -> securely by @hugovk in #61
- fix: bump github-action-models by @woodruffw in #65
- @hugovk made their first contribution in #61