AIUI, Zygisk is a Google-approved variety of Magisk. The real issue with SafetyNet bypass is that it's inherently unreliable because Google could at any time require a locked bootloader running stock OEM ROM for passing SafetyNet, so any rooted device would be SOL.
From what I'm reading many newer devices require a locked bootloader, else SafetyNet will fail. So realistically I think that means only Pixel phones could work, since they support relocking the bootloader with a non-stock ROM.
Lots of phones support relocking to a user provided key (OnePlus does for sure) but it's a less trusted state than locked to the vendor key, I don't think it counts as good enough for full SafetyNet
