#zizmor
The `version` input defaults to `latest` and can't be "locked" · Issue #52 · zizmorcore/zizmor-action Currently, the default for the version input is the special value latest which, as noted in the README, causes the latest released version of the zizmor image to be pulled/run: zizmor-action/action...

WTF?? #Zizmor is a GitHub Actions security linting tool, and their own action basically pulls the latest version by default...

🤡

https://github.com/zizmorcore/zizmor-action/issues/52


One year of zizmor
blog.yossarian.net/2025/09/14/one-year-of-z...
#devblog #programming #rust #zizmor


Fun with finite state transducers
blog.yossarian.net/2025/08/14/Fun-with-fini...
#devblog #programming #rust #zizmor

zizmor Static analysis for GitHub Actions

Discovered #zizmor to audit GitHub Actions, looks pretty promising!

> docs.zizmor.sh

#ci #quality

Comparison of GitHub Action Scanners A comparison of GitHub Action Scanners.

I saw a lot of talk about #GitHubAction Static Code Analyzers in the wake of some high-profile supply chain attacks. Primarily #poutine and #zizmor, but I also came across #octoscan and a research project by #Snyk. Here is my comparison of the four:

blog.kammel.dev/post/github_...


A Discord server and new GitHub organization for zizmor
blog.yossarian.net/2025/05/07/zizmor-discor...
#security #oss #devblog #programming #rust #zizmor

Original post on fosstodon.org

Taking a first poke at auditing my #GitHub Actions with #zizmor

There's a lot to digest here, for me. Pretty much shows me how little I understand the actions I've had in place for quite a while (that's bad).

But, I've gotten its tests to pass with remediation! (that's good, right???)
I'm a […]
