GitHub Actions security
A GitHub Action that performs a security scan of your GitHub Actions.
Scans your GitHub Actions for security issues
Octoscan is a static vulnerability scanner for GitHub Actions workflows.
Static checker for GitHub Actions workflow files
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in re…
poutine, a supply chain vulnerability scanner for build pipelines
Anchore container analysis and scan provided as a GitHub Action
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
A vulnerability scanner for container images and filesystems
A GitHub action that performs static analysis for shell scripts using shellcheck, shfmt and checkbashisms.
A CLI that updates GitHub Actions' `permissions` automatically
Guideline of best practices to follow to configure GitHub Enterprise Cloud self-hosted runners in a secure way.
Pin your GitHub actions to a specific hash
A curated list of awesome things related to securing your GitHub Actions workflows.
Official GitHub Action for OpenSSF Scorecard.
SARIF extension for Microsoft Visual Studio Code
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Runtime Security Solution for your CI/CD Pipeline
Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
A GitHub Action used for publishing an Action to ghcr.io as an OCI container.
Supply Chain Security Research - Living Off The Pipeline tools
GitHub Actions Cache Native Malware - for Educational and Research Purposes only.
GitHub token permissions Monitor and Advisor actions
Script to audit GitHub Action Workflow files for potential vulnerabilities.