# zizmor 1.24.1

Static analysis for GitHub Actions

Snapshot of gominimal/pkgs commit `cd4b09dd2f492c47fba70eb1b8a8c724dabdc7e9` (pushed 2026-07-10T23:16:55.000Z).

## Install

```sh
min add zizmor
```

## Direct advisories

None at this commit.

## Transitive advisories

5 advisories inherited through runtime dependencies:

- CVE-2026-4046 (HIGH) via glibc
- CVE-2026-4437 (HIGH) via glibc
- CVE-2026-4438 (MEDIUM) via glibc
- CVE-2026-5450 (CRITICAL) via glibc
- CVE-2026-5928 (HIGH) via glibc

## Dependencies

- Build (4): base, make, rust, toolchain
- Runtime (1): glibc

## Scorecard

| Category | Score | Band |
| --- | --- | --- |
| supply-chain | 82 | good |
| advisories | 10 | low |
| quality | 44 | low |
| maintenance | 67 | mid |
| licence | 100 | perfect |

## Links

- Homepage: http://docs.zizmor.sh/
- Package page (HTML): https://minimal.dev/pkgs/zizmor
- JSON API (floats latest): https://minimal.dev/api/pkgs/zizmor.json
- SBOM (CycloneDX 1.5): https://minimal.dev/api/pkgs/zizmor/sbom.json
