This release comes with one new audit (unredacted-secrets), plus a handful of bugfixes and analysis improvements to existing audits. It also comes with improvements to SARIF presentation, ignore comments, as well as an official Docker image!
## New Features 🌈

- `zizmor` now has official Docker images! You can find them on the GitHub Container Registry under ghcr.io/woodruffw/zizmor (#532)
- New audit: `unredacted-secrets` detects secret accesses that are not redacted in logs (#549)
## Improvements 🌱

- SARIF outputs are now slightly more aligned with GitHub Code Scanning expectations (#528)
- `# zizmor: ignore[rule]` comments can now have trailing explanations, e.g. `# zizmor: ignore[rule] because reasons` (#531)
- The `bot-conditions` audit now detects `github.triggering_actor` as another spoofable actor check (#559)
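The following workflow is an added example, not code from this release or from the zizmor project, showing the kind of actor check the `bot-conditions` audit flags, the equivalent check that keys on the event payload instead, and the new trailing-explanation form of an ignore comment. The workflow name, job names and `echo` steps are made up, and the ignore comment is assumed to sit on the `if:` line that the finding is reported on.

```yaml
# Constructed example workflow (not from the zizmor project).
name: dependabot-gate

on:
  pull_request_target:

jobs:
  spoofable:
    runs-on: ubuntu-latest
    # Expected to be flagged by bot-conditions: github.actor and
    # github.triggering_actor identify whoever caused the latest run of this
    # workflow (e.g. a re-run), not who authored the pull request, so this
    # gate does not prove the PR came from Dependabot.
    if: github.triggering_actor == 'dependabot[bot]'
    steps:
      - run: echo "would run privileged automation here"

  payload-check:
    runs-on: ubuntu-latest
    # The PR author is taken from the event payload, which is not changed by
    # who re-ran or re-triggered the workflow.
    if: github.event.pull_request.user.login == 'dependabot[bot]'
    steps:
      - run: echo "pull request authored by Dependabot"

  acknowledged:
    runs-on: ubuntu-latest
    # Same spoofable pattern, but suppressed with an ignore comment that now
    # may carry an explanation after the rule name.
    if: github.actor == 'dependabot[bot]' # zizmor: ignore[bot-conditions] because this job only prints a notice
    steps:
      - run: echo "informational only"
```

Running `zizmor` against this file is expected to report the `spoofable` job under `bot-conditions` and stay quiet about the other two jobs: `payload-check` because it compares the payload author rather than an actor field, and `acknowledged` because of the ignore comment.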
## Bug Fixes 🐛

- Fixed a bug where `zizmor` would fail to parse workflows with `workflow_dispatch` triggers that contained non-string inputs (#563)
## Upcoming Changes 🚧

- The next minor release of `zizmor` will be built with Rust 2024. This should have no effect on most users, but may require users who build `zizmor` from source to update their Rust toolchain.