Your Documentation, Fully Protected
Zenzic detects broken links, leaked credentials, and orphan pages before they reach production. No configuration required to start. No engine-specific build integration required.
Experience it now — zero install required
uvx zenzic lab
zenzic lab launches an interactive showcase of every scanner in action: credential detection,
broken links, orphan pages, path traversal guard enforcement. Run it against bundled
fixtures and see the results in real time.
Run a full audit quickly — no installation, no setup:
uvx zenzic check all .
→ Learn more in the Interactive Lab tutorial
Two Instruments: Check and Score
zenzic check all is a binary gate. It emits a deterministic exit code based on findings detected within the analyzed scope. Exit 0 means no findings were detected.
zenzic score computes a 0–100 quality score using a weighted penalty model across four categories: Structural Integrity (30%), Navigation (25%), Brand & Assets (25%), Content Excellence (20%). A 100/100 means zero penalized findings within the analyzed scope. Excluded content is not evaluated. A score below 100/100 is a passing audit if it meets the configured fail_under threshold.
One absolute rule: any Z2xx finding collapses the score to 0/100 unconditionally, regardless of fail_under.
Deterministic Failure Analysis: Before vs After Zenzic
| Scenario | Without Zenzic (Traditional Linter) | With Zenzic |
|---|---|---|
| Broken Link | CI fails with generic error, no file/line/cause. | Zenzic finding: file, line, code (e.g. Z404), actionable fix, deterministic exit code. |
Virtual Route (e.g. /blog/tags/python/) | False positive (404): dynamic routes not resolved, forced to use ignore/regex. | Deterministic resolution via VRM: virtual route mapped to source_files without Node.js. |
| Credential Leak | Linter may miss secrets in YAML/code blocks; no masking; incident may reach git history. | Credential scanner: scans all content, masks secrets, halts pipeline (exitCode=2, Z201), never prints full secret. |
| Exit Codes | Non-standard, ambiguous, or missing. | Tiered: Z1xx (link integrity), Z2xx (security), Z4xx (structure), Z6xx (governance). |
Example: Zenzic terminal output for a Virtual Route finding
This is not a lint check. It is a non-negotiable security gate.
→ How to act when credential scanner blocks a secret
Four Entry Points
| Tutorials → | From zero to a passing audit in 3 minutes. |
| How-to → | Integrate with GitHub Actions for automated CI/CD checks. |
| Reference → | Every flag, every Zxxx code, every option. |
| Explanation → | How findings reduce the 100-point baseline and how fail_under sets your CI threshold. |
Native GitHub Integration
- uses: PythonWoods/zenzic-action@<version>
with:
format: sarif
upload-sarif: "true"
Findings can appear as inline Pull Request annotations and in the Security tab —
no log parsing, no custom scripts, no post-processing. The official
PythonWoods/zenzic-action handles
installation, execution, and SARIF upload in a single workflow step.
CI verification in this repository uses an Ubuntu runner.
"The Code is Law. The Documentation is Truth. Zenzic is vigilant."