Trophy case 🏆

zizmor's objective is to detect CI/CD security issues that could compromise the software we all rely on.

This page documents key examples where zizmor helped make big projects more secure!

Give yourself a trophy!

Do you contribute to or maintain a big (>100 star) project that had its GitHub Actions security improved by zizmor? Add it to our list!

• adafruit

  ---

  Examples

  • adafruit/circuitpython#9785

• apache

  ---

  Examples

  • apache/airflow#45408
  • apache/opennlp#736

• ashishb

  ---

  Examples

  • ashishb/wp2hugo#91

• astral-sh

  ---

  Examples

  • astral-sh/ruff#14844

• astropy

  ---

  Examples

  • astropy/astropy#17315

• autotag-dev

  ---

  Examples

  • autotag-dev/autotag#142

• blakeblackshear

  ---

  Examples

  • blakeblackshear/frigate#15490

• brian-team

  ---

  Examples

  • brian-team/brian2@d497b11

• cakephp

  ---

  Examples

  • cakephp/cakephp#18081

• curl

  ---

  Examples

  • curl/curl@ba9fe58
  • curl/curl-for-win@05ca755

• danmar

  ---

  Examples

  • danmar/cppcheck#7044

• DataDog

  ---

  Examples

  • DataDog/datadog-agent#30871
  • DataDog/dd-trace-py#11640

• datalens-tech

  ---

  Examples

  • datalens-tech/datalens-backend#777

• Diaoul

  ---

  Examples

  • Diaoul/subliminal#1190

• Electric-Coin-Company

  ---

  Examples

  • Electric-Coin-Company/zcash-light-client-ffi#186

• esl

  ---

  Examples

  • esl/MongooseIM#4435

• ethereum

  ---

  Examples

  • ethereum/hevm#615

• fpgmaas

  ---

  Examples

  • fpgmaas/deptry#972

• freeCodeCamp

  ---

  Examples

  • freeCodeCamp/devdocs#2386

• freedomofpress

  ---

  Examples

  • freedomofpress/securedrop-workstation#1222

• freemocap

  ---

  Examples

  • freemocap/freemocap#659

• gaphor

  ---

  Examples

  • gaphor/gaphor#3658

• getsops

  ---

  Examples

  • getsops/sops#1704

• girlbossceo

  ---

  Examples

  • girlbossceo/conduwuit@c6bf8f5

• git-lfs

  ---

  Examples

  • git-lfs/git-lfs#5930

• gitbutlerapp

  ---

  Examples

  • gitbutlerapp/gitbutler#5946

• google

  ---

  Examples

  • google/zx#1067

• guacsec

  ---

  Examples

  • guacsec/guac#2276

• hellux

  ---

  Examples

  • hellux/jotdown#76

• Homebrew

  ---

  Examples

  • Homebrew/actions#630
  • Homebrew/actions#631
  • Homebrew/brew#18662
  • Homebrew/brew.sh#1107
  • Homebrew/formulae.brew.sh#1621
  • Homebrew/homebrew-cask#195318
  • Homebrew/homebrew-cask#195310
  • Homebrew/homebrew-cask#195309
  • Homebrew/homebrew-cask#195308
  • Homebrew/homebrew-command-not-found#203
  • Homebrew/homebrew-core#195961
  • Homebrew/homebrew-core#201306
  • Homebrew/homebrew-portable-ruby#255

• huggingface

  ---

  Examples

  • huggingface/peft#2288

• hugovk

  ---

  Examples

  • hugovk/em-keyboard#148
  • hugovk/norwegianblue#233
  • hugovk/pypistats#460

• hynek

  ---

  Examples

  • hynek/argon2-cffi#185
  • hynek/doc2dash#225
  • hynek/environ-config#88
  • hynek/hatch-fancy-pypi-readme#57
  • hynek/pem#100
  • hynek/prometheus-async#70
  • hynek/stamina#81
  • hynek/structlog#663
  • hynek/svcs#111

• icsharpcode

  ---

  Examples

  • icsharpcode/ILSpy#3365

• Instagram

  ---

  Examples

  • Instagram/LibCST#1262

• lmstudio-ai

  ---

  Examples

  • lmstudio-ai/venvstacks#51

• marcusvolz

  ---

  Examples

  • marcusvolz/strava_py#53

• matplotlib

  ---

  Examples

  • matplotlib/matplotlib#29251

• maxmind

  ---

  Examples

  • maxmind/mmdbinspect#82
  • maxmind/MaxMind-DB-Reader-python#178
  • maxmind/GeoIP2-php#233
  • maxmind/MaxMind-DB-Reader-dotnet#198
  • maxmind/libmaxminddb#365
  • maxmind/GeoIP2-java#517
  • maxmind/MaxMind-DB-Reader-java#221
  • maxmind/geoipupdate#354
  • maxmind/geoip2-csv-converter#87
  • maxmind/mmdbwriter#104
  • maxmind/GeoIP2-node#1387

• MeteorDevelopment

  ---

  Examples

  • MeteorDevelopment/meteor-client#5091

• mfussenegger

  ---

  Examples

  • mfussenegger/nvim-lint#710

• mkuf

  ---

  Examples

  • mkuf/prind#183

• mne-tools

  ---

  Examples

  • mne-tools/mne-python#13011

• MoarVM

  ---

  Examples

  • MoarVM/MoarVM#1875

• mongodb

  ---

  Examples

  • mongodb/motor#312
  • mongodb/mongo-python-driver#2001

• mongodb-labs

  ---

  Examples

  • mongodb-labs/flask-pymongo#170

• narwhals-dev

  ---

  Examples

  • narwhals-dev/narwhals#1567

• NetApp

  ---

  Examples

  • NetApp/harvest#3247

• nextcloud

  ---

  Examples

  • nextcloud/.github#477

• NLnetLabs

  ---

  Examples

  • NLnetLabs/nsd#413
  • NLnetLabs/unbound#1204

• numpy

  ---

  Examples

  • numpy/numpy#27931
  • numpy/numpy.org#797

• Orange-OpenSource

  ---

  Examples

  • Orange-OpenSource/hurl#3574

• Ouranosinc

  ---

  Examples

  • Ouranosinc/xclim#2023

• oxc-project

  ---

  Examples

  • oxc-project/oxc#7844

• praetorian-inc

  ---

  Examples

  • praetorian-inc/noseyparker#228

• prettytable

  ---

  Examples

  • prettytable/prettytable#339

• psf

  ---

  Examples

  • psf/cachecontrol#345

• pyca

  ---

  Examples

  • pyca/service-identity#75

• pylast

  ---

  Examples

  • pylast/pylast#465

• pymc-devs

  ---

  Examples

  • pymc-devs/pymc#7624
  • pymc-devs/pytensor#1136

• PyO3

  ---

  Examples

  • PyO3/pyo3#4774

• pypa

  ---

  Examples

  • pypa/packaging.python.org#1765
  • pypa/pip-audit#851

• pypi

  ---

  Examples

  • pypi/stdlib-list#138
  • pypi/warehouse#16996

• pytest-dev

  ---

  Examples

  • pytest-dev/pytest#13062

• python

  ---

  Examples

  • python/bedevere#652
  • python/cpython#127749
  • python/miss-islington#705
  • python/mypy#18413

• python-attrs

  ---

  Examples

  • python-attrs/attrs#1368
  • python-attrs/cattrs#605

• python-humanize

  ---

  Examples

  • python-humanize/humanize#221

• python-pillow

  ---

  Examples

  • python-pillow/Pillow#8526

• python-poetry

  ---

  Examples

  • python-poetry/cleo#462
  • python-poetry/poetry#9895
  • python-poetry/poetry-core#799
  • python-poetry/poetry-plugin-export#308
  • python-poetry/poetry-plugin-bundle#125

• python-telegram-bot

  ---

  Examples

  • python-telegram-bot/python-telegram-bot#4606

• python-trio

  ---

  Examples

  • python-trio/trio#3154

• PyVRP

  ---

  Examples

  • PyVRP/PyVRP#670

• rubygems

  ---

  Examples

  • rubygems/rubygems.org#5350

• rust-lang

  ---

  Examples

  • rust-lang/crates.io#10176
  • rust-lang/rust-clippy#13933

• rustls

  ---

  Examples

  • rustls/rustls#2261
  • rustls/tokio-rustls#96
  • rustls/webpki#299

• Saghen

  ---

  Examples

  • Saghen/blink.cmp#991

• sigstore

  ---

  Examples

  • sigstore/cosign#3959
  • sigstore/fulcio#1910
  • sigstore/gitsign#602

• simpeg

  ---

  Examples

  • simpeg/simpeg#1592

• termcolor

  ---

  Examples

  • termcolor/termcolor#89

• termux

  ---

  Examples

  • termux/termux-packages#22519

• torchbox

  ---

  Examples

  • torchbox/wagtailmedia#252

• tornadoweb

  ---

  Examples

  • tornadoweb/tornado#3438

• ua-parser

  ---

  Examples

  • ua-parser/uap-python#250

• ultrajson

  ---

  Examples

  • ultrajson/ultrajson#650

• Unidata

  ---

  Examples

  • Unidata/MetPy#3710

• urllib3

  ---

  Examples

  • urllib3/urllib3#3528

• uutils

  ---

  Examples

  • uutils/coreutils#6973

• ViaVersion

  ---

  Examples

  • ViaVersion/ViaVersion#4315

• vlang

  ---

  Examples

  • vlang/v#22681

• wagtail

  ---

  Examples

  • wagtail/wagtail-localize#843

• zkonduit

  ---

  Examples

  • zkonduit/ezkl#907
  • zkonduit/ezkl#906